Security researcher Soatok disclosed several cryptographic vulnerabilities in vodozemac, Matrix's Rust implementation of the Olm and Megolm protocols. The most serious is that the Olm Diffie-Hellman code accepts an all-zero Curve25519 public key: that encoding is a low-order point whose Diffie-Hellman result is the identity element, so the shared secret is all zeros regardless of the private key and is therefore predictable to anyone who can supply the key. The other findings are a silent downgrade from the V2 protocol to V1 (truncating MACs from 256 to 64 bits), a weak ECIES CheckCode construction, and strict Ed25519 signature verification being disabled by default. Soatok supplied patches and proof-of-concept exploits and published after a one-week disclosure window rather than the customary 90 days, citing Matrix's handling of earlier vulnerability reports. The deprecated libolm library and the newer vodozemac are both affected by the identity-element issue.

20 min read. Source: soatok.blog
Table of contents
- Disclosure Timeline
- Cryptographic Issues in Vodozemac
- What’s the Impact?
- Takeaways
- Closing Thoughts
