Predictable Secret Key Generation in Matrix Synapse before 0.34.0.1

CVE-2019-5885 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets, which could allow remote attackers to impersonate users.
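
A deployment check for the condition described above, as an added example that is not part of the advisory or of Synapse's own code. It assumes the operator supplies the installed version string and the text of the Synapse configuration file (commonly homeserver.yaml); the function names are hypothetical and the key lookup is a simple line-based scan, not a full YAML parser.

```python
import re

FIXED = (0, 34, 0, 1)  # first fixed release named in the advisory text


def parse_version(text):
    """Turn '0.34.0.1' or '0.34.0rc2' into a comparable tuple of ints."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError("unrecognised version string: %r" % text)
    return tuple(parts)


def macaroon_key_is_set(config_text):
    """True if a top-level macaroon_secret_key has a non-empty value."""
    for line in config_text.splitlines():
        m = re.match(r"macaroon_secret_key\s*:(.*)$", line)
        if not m:
            continue  # commented-out, indented, or unrelated line
        value = m.group(1).strip()
        if value and value[0] in "\"'":
            # Quoted scalar: take the text up to the matching quote.
            value = value[1:].split(value[0], 1)[0]
        else:
            # Plain scalar: drop a trailing "# comment".
            value = re.sub(r"(^|\s)#.*$", "", value).strip()
        return value not in ("", "null", "~")
    return False


def is_exposed(version, config_text):
    """Affected release AND no explicit macaroon_secret_key."""
    return parse_version(version) < FIXED and not macaroon_key_is_set(config_text)


if __name__ == "__main__":
    # Constructed sample configuration: the key is only present as a comment.
    sample = 'server_name: example.org\n# macaroon_secret_key: "placeholder"\n'
    print("exposed" if is_exposed("0.34.0", sample) else "not exposed")
```
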