CVE-2021-21400
📋 TL;DR
This vulnerability in wire-webapp (Wire's web frontend) causes the app-lock passphrase to be sent as a message to the most recently used chat when the user types it while the passphrase input field does not have keyboard focus: the keystrokes fall through to the conversation's message input instead. This exposes an authentication credential to unintended recipients. All users of wire-webapp before version 2021-03-15-production.0 are affected.
💻 Affected Systems
- wire-webapp
⚠️ Risk & Real-World Impact
Worst Case
App-lock passphrase is sent to unauthorized chat participants, potentially allowing them to bypass app security and access sensitive communications.
Likely Case
Accidental passphrase disclosure to trusted contacts in recent chats, compromising app-lock security.
If Mitigated
No passphrase leakage when proper input focus is enforced.
🎯 Exploit Status
Exploitation requires the user to be entering the app-lock passphrase while the passphrase input is not focused, and to have a recently used chat for the keystrokes to land in.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2021-03-15-production.0
Vendor Advisory: https://github.com/wireapp/wire-webapp/security/advisories/GHSA-cxwr-f2j3-q8hp
Restart Required: Yes
Instructions:
1. Update wire-webapp to version 2021-03-15-production.0 or later.
2. Restart the application.
3. Verify the fix by checking the version.
🔧 Temporary Workarounds
Manual Input Focus
Ensure the passphrase input field is actively focused before typing the app-lock passphrase.
Disable App-Lock
Temporarily disable the app-lock feature until patched.
🧯 If You Can't Patch
- Disable app-lock feature completely
- Implement strict user training on manually focusing input fields before typing passphrases
🔍 How to Verify
Check if Vulnerable:
Check the wire-webapp version: if it is earlier than 2021-03-15-production.0, it is vulnerable.
Check Version:
Check the application's settings or about page for version information.
Verify Fix Applied:
Confirm the version is 2021-03-15-production.0 or later, then test app-lock passphrase entry with the input field deliberately unfocused and confirm nothing appears in the most recent chat.
📡 Detection & Monitoring
Log Indicators:
- Unexpected passphrase strings in chat logs
- App-lock authentication failures
Network Indicators:
- Passphrase strings transmitted in chat traffic
SIEM Query:
Search chat or communication logs for message bodies that match known app-lock passphrase patterns or that were sent immediately after an app-lock unlock event.
🔗 References
- https://github.com/wireapp/wire-webapp/commit/281f2a9d795f68abe423c116d5da4e1e73a60062
- https://github.com/wireapp/wire-webapp/pull/10704
- https://github.com/wireapp/wire-webapp/releases/tag/2021-03-15-production.0
- https://github.com/wireapp/wire-webapp/security/advisories/GHSA-cxwr-f2j3-q8hp