// For flags

CVE-2023-38686

Sydent does not verify email server certificates

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of your operating system. As a workaround, one can ensure Sydent's emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one's control which does not have a listening SMTP server.

Sydent es un servidor de identidad para el protocolo de comunicaciones Matrix. Antes de la versión 2.5.6, si se configuraba para enviar correos electrónicos utilizando TLS, Sydent no verificaba los certificados de los servidores SMTP. Esto hace que los correos electrónicos de Sydent sean vulnerables a la interceptación a través de un ataque man-in-the-middle (MITM). Los atacantes con acceso privilegiado a la red pueden interceptar invitaciones a salas y correos electrónicos de confirmación de direcciones. Esto se ha parcheado en Sydent 2.5.6. Al aplicar el parche, asegúrese de que Sydent confía en el certificado del servidor al que se conecta. Esto debería ocurrir automáticamente si se utilizan certificados emitidos correctamente. Aquellos que utilicen certificados autofirmados deben asegurarse de copiar su certificado de Autoridad de Certificación, o su certificado autofirmado si sólo utilizan uno, al almacén de confianza de su sistema operativo. Como solución alternativa, puede asegurarse de que los correos electrónicos de Sydent no se envíen configurando el servidor SMTP a una dirección de bucle de retorno o no enrutable bajo su control que no tenga un servidor SMTP a la escucha.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
Poc
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2023-07-24 CVE Reserved
  • 2023-08-04 CVE Published
  • 2024-08-10 EPSS Updated
  • 2024-10-08 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-295: Improper Certificate Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Matrix
Search vendor "Matrix"
Sydent
Search vendor "Matrix" for product "Sydent"
< 2.5.6
Search vendor "Matrix" for product "Sydent" and version " < 2.5.6"
-
Affected