Conduit
cpe:2.3:a:conduit:conduit:*:*:*:*:*:*:*
- < 0.10.11
An improper validation vulnerability has been identified in Continuwuity, a Matrix homeserver written in Rust, and its derivative Conduit. This vulnerability allows an attacker with a malicious remote server to manipulate the local server into signing arbitrary events based on user interactions. The issue arises when a user leaves a room, joins a room, or knocks on a room, as the victim server may request assistance from a remote server. If the victim server engages with the attacker's server, the attacker can inject a custom event that the victim server will sign and return. This exploitation can be tailored to specific endpoints: the leave endpoint can be used to forge valid message and state events for any user on the victim's server, while the join and knock endpoints, although fixed in the latest versions, can still be exploited under certain conditions. This vulnerability affects all Conduit-derived servers and has been exploited against the continuwuity.org homeserver.
Exploitation of this vulnerability allows for the forgery of membership events, with the potential to manipulate room interactions on behalf of users without their consent. This includes crafting arbitrary leave, join, or knock events that are signed by the victim's server, effectively hijacking the user's presence in Matrix rooms.
To reproduce this vulnerability, a user must interact with a room while the victim server is connected to a malicious remote server. The attacker can then send a crafted event through the remote server that the victim server will sign and return. This can be done by having the victim leave a room, join a room, or knock on a room, depending on the desired endpoint exploitation.
Users can update to Continuwuity version 0.5.1 or Conduit version 0.10.11. For Grapevine, version 0aae932b is available, and Tuwunel users should update to version 1.4.9.
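The check a homeserver needs at this step, shown as an added example rather than code from Conduit, Continuwuity, Grapevine or Tuwunel: before signing the event template a remote server returns for a join, leave or knock, compare it field by field against what was actually requested and refuse anything else. The types, function names and sample IDs below are constructed for this example; only the field names and the rule that a membership event is an `m.room.member` state event whose `state_key` and `sender` are the acting user's own ID follow the Matrix event schema.

```rust
// Added example, not code from Conduit, Continuwuity or any Matrix library: a
// whitelist check a homeserver can run on an event template returned by a remote
// server (for a join, leave or knock) before it signs the event. The types here
// are constructed for the example; only the field names follow the Matrix event
// schema (type, room_id, sender, state_key, content.membership).

/// The room action the local server asked a remote server for help with.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Action {
    Join,
    Leave,
    Knock,
}

impl Action {
    /// The `content.membership` value a template for this action must carry.
    pub fn membership(self) -> &'static str {
        match self {
            Action::Join => "join",
            Action::Leave => "leave",
            Action::Knock => "knock",
        }
    }
}

/// Flattened view of the template the remote server sent back (assumed shape).
#[derive(Debug, Clone)]
pub struct EventTemplate {
    pub event_type: String,         // the event's `type`
    pub room_id: String,
    pub sender: String,
    pub state_key: Option<String>,  // present only on state events
    pub membership: Option<String>, // `content.membership`, present only on member events
}

/// What the local server actually requested on behalf of its user.
#[derive(Debug, Clone)]
pub struct Request {
    pub action: Action,
    pub room_id: String,
    pub user_id: String,
}

/// Why a template was refused; each variant carries the offending value.
#[derive(Debug, Clone, PartialEq)]
pub enum Rejection {
    NotMemberEvent(String),
    WrongRoom(String),
    WrongSender(String),
    WrongStateKey(Option<String>),
    WrongMembership(Option<String>),
}

/// Accepts the template only if it is exactly the membership event we asked for:
/// the right type, the right room, and sender/state_key/membership pinned to the
/// requesting user and action. Anything else (a message event, a member event for
/// another user, a different membership) is refused before any signing happens.
pub fn validate_template(req: &Request, tpl: &EventTemplate) -> Result<(), Rejection> {
    if tpl.event_type != "m.room.member" {
        return Err(Rejection::NotMemberEvent(tpl.event_type.clone()));
    }
    if tpl.room_id != req.room_id {
        return Err(Rejection::WrongRoom(tpl.room_id.clone()));
    }
    if tpl.sender != req.user_id {
        return Err(Rejection::WrongSender(tpl.sender.clone()));
    }
    if tpl.state_key.as_deref() != Some(req.user_id.as_str()) {
        return Err(Rejection::WrongStateKey(tpl.state_key.clone()));
    }
    if tpl.membership.as_deref() != Some(req.action.membership()) {
        return Err(Rejection::WrongMembership(tpl.membership.clone()));
    }
    Ok(())
}

/// Stand-in for the signing step, reachable only through the validator. A real
/// server would add origin_server_ts, content hashes and its signature here.
pub fn sign_if_valid(req: &Request, tpl: &EventTemplate) -> Result<String, Rejection> {
    validate_template(req, tpl)?;
    Ok(format!("signed {} {} {}", tpl.room_id, tpl.sender, req.action.membership()))
}

/// Constructed sample: the local user @alice:local.example leaving a room.
pub fn sample_request() -> Request {
    Request {
        action: Action::Leave,
        room_id: "!room:remote.example".to_string(),
        user_id: "@alice:local.example".to_string(),
    }
}

/// Constructed sample: an honest leave template for that request.
pub fn honest_template() -> EventTemplate {
    EventTemplate {
        event_type: "m.room.member".to_string(),
        room_id: "!room:remote.example".to_string(),
        sender: "@alice:local.example".to_string(),
        state_key: Some("@alice:local.example".to_string()),
        membership: Some("leave".to_string()),
    }
}

fn main() {
    let req = sample_request();
    println!("honest: {:?}", sign_if_valid(&req, &honest_template()));

    // A template that is not a membership event at all must never reach signing.
    let mut message = honest_template();
    message.event_type = "m.room.message".to_string();
    message.state_key = None;
    message.membership = None;
    println!("message: {:?}", sign_if_valid(&req, &message));

    // A member event for a different local user must be refused too.
    let mut other_user = honest_template();
    other_user.sender = "@bob:local.example".to_string();
    println!("other user: {:?}", sign_if_valid(&req, &other_user));
}
```

The design point is that the validator is the only path to the signing function, so a remote server can at most cause the local server to sign the one event it already intended to sign for that user, room and action. A real implementation would run the same comparison on the parsed JSON template and also keep its existing signature and hash handling after the check.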