Cryptomator for iOS Hub API Man-in-the-Middle Vulnerability via Tampered Vault Configuration

Vulnerability

A vulnerability in Cryptomator for iOS prior to version 2.8.3 allows an attacker to manipulate the vault configuration file. This interference creates a man-in-the-middle vulnerability in the Hub key loading process. The issue arises because the client previously trusted endpoints specified in the vault configuration without verifying the authenticity of the hosts. As a result, there was a risk of token exfiltration by combining a legitimate authentication endpoint with a malicious API endpoint. The vulnerability affects users accessing Hub-backed vaults with versions of the app prior to 2.8.3, in situations where an attacker can modify the 'vault.cryptomator' file.

Impact

Exploitation of this vulnerability could lead to unauthorized interception and manipulation of data during the Hub API communication, specifically allowing an attacker to exfiltrate tokens by exploiting the trust placed in the Hub authentication endpoints.

Reproduction

To reproduce this vulnerability, unlock a Hub-backed vault using a version of Cryptomator for iOS prior to 2.8.3. Ensure that the 'vault.cryptomator' file can be altered, allowing for the introduction of a malicious API endpoint that could be mixed with a legitimate authentication endpoint.

Remediation

Users can upgrade to Cryptomator for iOS version 2.8.3 or later, which includes a patch for this vulnerability. If an immediate upgrade is not possible, it is recommended to restrict network access so that Cryptomator can only connect to trusted Hub hosts, and to protect the integrity of the vault configuration file by applying strict file permissions and using trusted sync or storage paths.
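The check below is an added illustration, not code from Cryptomator: it shows the kind of endpoint allowlisting the remediation describes, rejecting a vault configuration whose authentication endpoint points at a trusted Hub host while its API endpoint points elsewhere. The JSON field names, the hostnames and the allowlist are constructed placeholders, not the real 'vault.cryptomator' format.

```python
import json
from urllib.parse import urlparse

# Placeholder allowlist of Hub hosts the client may talk to (an assumption,
# stands in for whatever an operator actually trusts).
TRUSTED_HUB_HOSTS = {"hub.example.com"}


def _https_host(url):
    """Return the lowercase host of an absolute https URL, or None if the
    URL is unusable (non-https, missing host, or carrying userinfo such as
    https://trusted@malicious/ that could mislead a naive string check)."""
    p = urlparse(url)
    if p.scheme != "https" or not p.hostname:
        return None
    if p.username is not None or p.password is not None:
        return None
    return p.hostname.lower().rstrip(".")


def validate_hub_endpoints(config_json, trusted_hosts=TRUSTED_HUB_HOSTS):
    """Accept the configuration only if *every* Hub endpoint it names resolves
    to an allowlisted https host, so a legitimate auth endpoint cannot be
    paired with an attacker-controlled API endpoint. Returns (ok, reason)."""
    hub = json.loads(config_json).get("hub", {})
    for field in ("authEndpoint", "apiBaseUrl"):  # assumed field names
        host = _https_host(hub.get(field, ""))
        if host is None:
            return False, "%s is not an absolute https URL" % field
        if host not in trusted_hosts:
            return False, "%s host %r is not a trusted Hub host" % (field, host)
    return True, "ok"


# Constructed sample configurations (not real vault files).
CLEAN = json.dumps({"hub": {"authEndpoint": "https://hub.example.com/auth",
                            "apiBaseUrl": "https://hub.example.com/api"}})
TAMPERED = json.dumps({"hub": {"authEndpoint": "https://hub.example.com/auth",
                               "apiBaseUrl": "https://attacker.invalid/api"}})
USERINFO_TRICK = json.dumps({"hub": {"authEndpoint": "https://hub.example.com/auth",
                                     "apiBaseUrl": "https://hub.example.com@attacker.invalid/api"}})

if __name__ == "__main__":
    for name, cfg in (("clean", CLEAN), ("tampered", TAMPERED), ("userinfo", USERINFO_TRICK)):
        print(name, validate_hub_endpoints(cfg))
```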

Added: Mar 20, 2026, 7:27 PM
Updated: Mar 20, 2026, 7:27 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 3.0
remediation: 7.9
relevance: 4.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.