matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG

GHSA-gwf7-vfjf-wf6x · CVE-2019-11842 · PYSEC-2019-185

Published May 24, 2022 · Modified Sep 30, 2024

Description

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-11842
ADVISORY https://github.com/advisories/GHSA-gwf7-vfjf-wf6x
WEB https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2019-185.yaml
WEB https://matrix.org/blog/2019/05/03/security-updates-sydent-1-0-3-synapse-0-99-3-1-and-riot-android-0-9-0-0-8-99-0-8-28-a

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes