Lucene search
PRIOn knowledge basePRION:CVE-2019-5885HistoryMar 21, 2019 - 4:01 p.m.
Authentication flaw
2019-03-2116:01:00
PRIOn knowledge base
www.prio-n.com
1
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.
References
lists.fedoraproject.org/archives/list/[email protected]/message/32Y6KD3OAHCG5P33HC2QEX3NUZOSXCGZ/
lists.fedoraproject.org/archives/list/[email protected]/message/VMCLO5PUPBA756UKY72PKUWL4RRM4W6K/
matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/
matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
Related
nessus
nessus
FreeBSD : py-matrix-synapse -- undisclosed vulnerability (383931ba-1818-11e9-92ea-448a5b29e8a9)
2019-01-16 00:00:00
Fedora 29 : matrix-synapse (2019-4d914f9257)
2019-01-23 00:00:00
Fedora 28 : matrix-synapse (2019-c6044b3fce)
2019-01-23 00:00:00
osv
osv
Matrix Synapse Predictable Secret Key
2022-05-13 01:08:16
PYSEC-2019-187
2019-03-21 16:01:00
CVE-2019-5885
2019-03-21 16:01:05
veracode
veracode
User Impersonation
2019-03-22 13:21:00
nvd
nvd
CVE-2019-5885
2019-03-21 16:01:05
freebsd
freebsd
py-matrix-synapse -- undisclosed vulnerability
2019-01-10 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: matrix-synapse-0.34.0.1-1.fc29
2019-01-22 17:43:03
[SECURITY] Fedora 28 Update: matrix-synapse-0.34.0.1-2.fc28
2019-01-23 01:46:10
debiancve
debiancve
CVE-2019-5885
2019-03-21 16:01:05
cvelist
cvelist
CVE-2019-5885
2019-03-19 17:59:29
cve
cve
CVE-2019-5885
2019-03-21 16:01:05
ubuntucve
ubuntucve
CVE-2019-5885
2019-03-21 00:00:00
archlinux
archlinux
[ASA-201901-12] matrix-synapse: private key recovery
2019-01-24 00:00:00
openvas
openvas
Fedora Update for matrix-synapse FEDORA-2019-4d914f9257
2019-05-07 00:00:00
Fedora Update for matrix-synapse FEDORA-2019-c6044b3fce
2019-01-23 00:00:00
Ubuntu: Security Advisory (USN-6076-1)
2023-05-17 00:00:00
github
github
Matrix Synapse Predictable Secret Key
2022-05-13 01:08:16
ubuntu
ubuntu
Synapse vulnerabilities
2023-05-16 00:00:00