Broken base64 encoding for URL password parameter (shared secret) for SPA calls #2429

Closed
fkwp opened this issue Jun 18, 2024 · 1 comment · Fixed by #2430
Labels
A-E2EE: End-to-end encryption
O-Occasional: Affects or can be seen by some users regularly or most users rarely
S-Major: Severely degrades major functionality or product features, with no satisfactory workaround
T-Defect: Something isn't working: bugs, crashes, hangs, vulnerabilities, or other reported problems

fkwp commented Jun 18, 2024

No description provided.

@fkwp fkwp added T-Enhancement New features, changes in functionality, performance boosts, user-facing improvements T-Defect Something isn't working: bugs, crashes, hangs, vulnerabilities, or other reported problems and removed T-Enhancement New features, changes in functionality, performance boosts, user-facing improvements labels Jun 18, 2024
@fkwp fkwp changed the title Broken base64 encoding for URL password parameter Broken base64 encoding for URL password parameter (shared secret) for SPA calls Jun 18, 2024
@robintown robintown added S-Major Severely degrades major functionality or product features, with no satisfactory workaround O-Occasional Affects or can be seen by some users regularly or most users rarely A-E2EE End-to-end encryption labels Jun 18, 2024
@robintown
Member

Figured out what's happening: when converting to URL-safe base64 we're calling String.replace instead of String.replaceAll, which replaces only the first instance of + or / in the key.
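The failure mode described in the comment above, as an added example that is not the project's own code: the first-match-only conversion next to the corrected one, plus a strict round-trip check through a URL. The `password` parameter name comes from the issue title; the sample key bytes, the function names and the use of `URLSearchParams` on the receiving side are assumptions made for illustration.

```javascript
// Constructed sample key bytes; their standard base64 form is "++++////AAEC".
// Sample keys here are a multiple of 3 bytes long, so no "=" padding arises.
const SAMPLE_KEY = Uint8Array.from([0xfb, 0xef, 0xbe, 0xff, 0xff, 0xff, 0x00, 0x01, 0x02]);

const toBase64 = (bytes) => btoa(String.fromCharCode(...bytes));

// Reconstruction of the bug: with a string pattern, String.replace
// substitutes only the first match, so later "+" and "/" survive.
function toUrlSafeBuggy(bytes) {
  return toBase64(bytes).replace("+", "-").replace("/", "_");
}

// Corrected conversion: replaceAll substitutes every occurrence.
function toUrlSafeFixed(bytes) {
  return toBase64(bytes).replaceAll("+", "-").replaceAll("/", "_");
}

// Receiver side (assumed): the value is read back with URLSearchParams,
// which decodes "+" as a space under form-urlencoded rules.
function readPasswordParam(encoded) {
  return new URLSearchParams(`password=${encoded}`).get("password");
}

// Strict decode: reject anything outside the URL-safe alphabet instead of
// silently decoding a damaged secret. Returns a Uint8Array or null.
function fromUrlSafe(value) {
  if (!/^[A-Za-z0-9_-]+$/.test(value)) return null;
  const std = value.replaceAll("-", "+").replaceAll("_", "/");
  return Uint8Array.from(atob(std), (c) => c.charCodeAt(0));
}

// True when the key comes out of the URL byte-for-byte identical.
function roundTrips(encode, key) {
  const received = fromUrlSafe(readPasswordParam(encode(key)));
  return received !== null && received.length === key.length &&
    received.every((b, i) => b === key[i]);
}

console.log(toUrlSafeBuggy(SAMPLE_KEY), roundTrips(toUrlSafeBuggy, SAMPLE_KEY));
console.log(toUrlSafeFixed(SAMPLE_KEY), roundTrips(toUrlSafeFixed, SAMPLE_KEY));
```

A key whose base64 form contains at most one `+` and one `/` passes through the first-match-only encoder unchanged, so a regression test for this conversion needs a key with repeated `+` and `/` characters.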
