Trail of Bits
Audit Open Original ↗

X XChat

Type

Security review

Client

Michael Anderson X

Date

2025-10

Domain

AppSec

Effort

4 wks

Section

Technology Product Reviews

Trail of Bits's security review of Michael Anderson X (Oct 2025) identified 6 issues: 3 high, 1 medium, 1 informational, and 1 undetermined.

Findings · 6

  1. 1 Encrypted conversation keys are not validated High
  2. 2 Long-term identity keys without signatures are not rejected High
  3. 3 Use of truncated SHA-1 Undetermined
  4. 4 Conversation keys are not checked for server replay High
  5. 5 Group key inconsistencies can lead to Invisible Salamander attacks Medium
  6. 6 Confused deputy attack in avatar/attachment encryption Informational

Findings extracted from the published report PDF. See the full report below for details and remediation.

Related