Cryptomator Hub Integrity Check Vulnerability Leading to Man-in-the-Middle Attack

Vulnerability

A vulnerability in Cryptomator prior to version 1.19.1 allows an attacker to tamper with the vault configuration file, creating a man-in-the-middle condition in the Hub key loading mechanism. This issue affects users unlocking Hub-backed vaults with versions prior to 1.19.1, in environments where an attacker can modify the 'vault.cryptomator' file. The vulnerability arises because the client trusted the endpoints read from the vault configuration without verifying host authenticity, so a legitimate authentication endpoint could be paired with a malicious API endpoint, which could lead to token exfiltration.

Impact

Exploitation of this vulnerability could allow an attacker to intercept and manipulate authentication tokens during the Hub key loading process, potentially leading to unauthorized access or actions within the Hub.

Reproduction

To reproduce this vulnerability, an attacker must alter the 'vault.cryptomator' file of a user running an affected version of Cryptomator, pairing a malicious API endpoint with the legitimate authentication endpoint. Once the 'vault.cryptomator' file is tampered with, the user can be prompted to trust the unverified host during the Hub key loading process, exploiting the lack of authenticity checks.

Remediation

Users can upgrade to Cryptomator version 1.19.1, which includes a patch for this vulnerability by implementing trust-on-first-use host verification and an explicit hostname allowlist for centrally managed deployments.
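To make the two mitigations concrete, here is an added illustration, written for this page and not taken from Cryptomator's code base, of a defender-side check over the Hub endpoints read from a vault configuration: it refuses the split-host combination described under Reproduction, enforces an optional hostname allowlist, and remembers the first host seen per vault (trust on first use). The JSON layout, the field names `id`, `hub.authEndpoint` and `hub.apiBaseUrl`, and the sample hosts are assumptions constructed for the example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample configurations; field names are assumptions, not Cryptomator's format.
GOOD_CONFIG = json.dumps({"id": "vault-1", "hub": {
    "authEndpoint": "https://hub.example.org/auth",
    "apiBaseUrl": "https://hub.example.org/api"}})
# The pattern the advisory describes: legitimate auth endpoint, attacker-chosen API endpoint.
SPLIT_HOST_CONFIG = json.dumps({"id": "vault-1", "hub": {
    "authEndpoint": "https://hub.example.org/auth",
    "apiBaseUrl": "https://hub-api.example.net/api"}})


def host_of(url):
    """Return the lower-cased host of an https URL; anything else is rejected."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"endpoint must be an https URL with a host: {url!r}")
    return parts.hostname.lower()


def check_hub_endpoints(vault_config, tofu_store, allowlist=None):
    """Return the Hub host to use, or raise ValueError if the config must not be trusted.

    tofu_store maps vault id -> host seen on first use (persisted by the caller).
    allowlist, when given, pins the hosts a centrally managed deployment permits.
    """
    cfg = json.loads(vault_config)
    auth_host = host_of(cfg["hub"]["authEndpoint"])  # assumed field name
    api_host = host_of(cfg["hub"]["apiBaseUrl"])     # assumed field name
    # Both endpoints must point at the same host; a split configuration is the
    # token-exfiltration setup and is refused before any network contact.
    if auth_host != api_host:
        raise ValueError(f"auth host {auth_host} and API host {api_host} differ")
    if allowlist is not None and api_host not in allowlist:
        raise ValueError(f"{api_host} is not an allowlisted Hub host")
    # Trust on first use: the first host recorded for this vault id is the only one
    # accepted later; a changed host in the config is treated as tampering.
    known = tofu_store.setdefault(cfg["id"], api_host)
    if known != api_host:
        raise ValueError(f"vault {cfg['id']} previously used {known}, now {api_host}")
    return api_host


def is_acceptable(vault_config, tofu_store, allowlist=None):
    """Boolean wrapper: True only when check_hub_endpoints accepts the configuration."""
    try:
        check_hub_endpoints(vault_config, tofu_store, allowlist)
        return True
    except (ValueError, KeyError):
        return False
```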

Added: Mar 20, 2026, 6:25 PM
Updated: Mar 20, 2026, 6:25 PM

Vulnerability Rating

Custom Algorithm
  spread          6.6
  impact          2.5
  exploitability  3.6
  remediation     7.9
  relevance       4.2
  threat          4.8
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.