Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation
for importing key material for Megolm group sessions and PkDecryption
Ed25519
secret keys. This flaw might allow an attacker to infer some information about
the secret key material through a side-channel attack.
The use of a non-constant time base64 implementation might allow an attacker to observe timing variations in the encoding and decoding operations of the secret key material. This could potentially provide insights into the underlying secret key material.
The impact of this vulnerability is considered low because exploiting the attacker is required to have access to high precision timing measurements, as well as repeated access to the base64 encoding or decoding processes. Additionally, the estimated leakage amount is bounded and low according to the referenced paper[[1]].
{ "license": "CC0-1.0" }