CVE-2021-21400

Name of the Vulnerable Software and Affected Versions wire-webapp versions prior to 2021-03-15-production.0

Description The issue occurs when a user is prompted to enter the app-lock passphrase in wire-webapp. If the user does not actively give focus to the input field, the typed passphrase will be sent into the most recently used chat. This is resolved in version 2021-03-15-production.0, where input element focus is enforced programmatically.

Recommendations For versions prior to 2021-03-15-production.0, update to version 2021-03-15-production.0 or later to resolve the issue. As a temporary workaround, consider ensuring that the input field for the app-lock passphrase is actively focused before entering the passphrase to prevent it from being sent into the most recently used chat.