|
|
|
|
|
|
by intuxikated
1263 days ago
|
|
|
> A malicious server can trick the client into using the same key while talking to the server during the initial registration protocol and while talking to other users in the E2E protocol. this is bad > we show that the attacker can trick a user into creating a valid vouch box and sending it to the attacker. This allows the attacker to impersonate the client to the server forever. This attack means that, under some circumstances, a user might compromise his or her own account by simply sending a message to another user. Yikes |
|
|