CVE-2019-5885

Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.
Configurations

Configuration 1

cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

Information

Published : 2019-03-21 04:01

Updated : 2021-07-21 11:39


NVD link : CVE-2019-5885

Mitre link : CVE-2019-5885

Products Affected
No products.
CWE