CVE-2024-42027

Name of the Vulnerable Software and Affected Versions Rocket.Chat Mobile versions prior to 4.5.1

Description The issue is related to the use of weak credentials in the E2EE Password Handler component of Rocket.Chat Mobile. This can allow a remote attacker to gain elevated privileges by accessing a user's profile. The E2EE password entropy generated by Rocket.Chat Mobile is insufficient, making it possible for attackers to crack it with sufficient time and resources.

Recommendations For versions prior to 4.5.1, update to version 4.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive user profiles until the update is applied. Avoid using weak passwords and ensure that all users have strong, unique passwords to minimize the risk of exploitation.