Signal-android: Check if updating user is in group

Created on 28 Jul 2017  路  2Comments  路  Source: signalapp/Signal-Android

I have:

Bug description

Groups can be compromised if group id and one member is known, as documented here (page 8 and following)

Steps to reproduce

See link from Bug description

Possible fix

This should be fixed by checking whether a user is part of a group before updating it.

picture pajowu

Most helpful comment

Page 18:

Open WhisperSystems is currently developing a new group management system with advanced administrative features so that they decided not apply our fix.

picture FeuRenard on 28 Jul 2017
🎉3 👍1

All 2 comments

Page 18:

Open WhisperSystems is currently developing a new group management system with advanced administrative features so that they decided not apply our fix.

FeuRenard picture FeuRenard on 28 Jul 2017
🎉3 👍1

GitHub Issue Cleanup:
See #7598 for more information.

automated-signal picture automated-signal on 3 Apr 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

vvug picture vvug  路  3Comments
McLoo picture McLoo  路  3Comments
Wikinaut picture Wikinaut  路  3Comments
notthematrix picture notthematrix  路  3Comments
halb9 picture halb9  路  3Comments