Predictable Secret Key Generation in Matrix Synapse before 0.34.0.1
CVE-2019-5885 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:N
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.
Learn more about our User Device Pen Test.