Lucene search
Veracode Vulnerability DatabaseVERACODE:13497HistoryMar 22, 2019 - 1:21 p.m.
User Impersonation
2019-03-2213:21:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
EPSS
0.006
Percentile
79.2%
matrix-synapse is vulnerable to user impersonation. If a configuration parameter called macaroon_secret_key is not set, the authentication secret key is derived using a predictable value and other secrets, allowing remote attackers to impersonate users.
References
lists.fedoraproject.org/archives/list/[email protected]/message/32Y6KD3OAHCG5P33HC2QEX3NUZOSXCGZ/
lists.fedoraproject.org/archives/list/[email protected]/message/VMCLO5PUPBA756UKY72PKUWL4RRM4W6K/
matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/
matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
Related
osv
osv
CVE-2019-5885
2019-03-21 16:01:05
Matrix Synapse Predictable Secret Key
2022-05-13 01:08:16
PYSEC-2019-187
2019-03-21 16:01:00
nvd
nvd
CVE-2019-5885
2019-03-21 16:01:05
nessus
nessus
Fedora 29 : matrix-synapse (2019-4d914f9257)
2019-01-23 00:00:00
FreeBSD : py-matrix-synapse -- undisclosed vulnerability (383931ba-1818-11e9-92ea-448a5b29e8a9)
2019-01-16 00:00:00
Fedora 28 : matrix-synapse (2019-c6044b3fce)
2019-01-23 00:00:00
openvas
openvas
Fedora Update for matrix-synapse FEDORA-2019-4d914f9257
2019-05-07 00:00:00
Fedora Update for matrix-synapse FEDORA-2019-c6044b3fce
2019-01-23 00:00:00
Ubuntu: Security Advisory (USN-6076-1)
2023-05-17 00:00:00
archlinux
archlinux
[ASA-201901-12] matrix-synapse: private key recovery
2019-01-24 00:00:00
github
github
Matrix Synapse Predictable Secret Key
2022-05-13 01:08:16
prion
prion
Authentication flaw
2019-03-21 16:01:00
cvelist
cvelist
CVE-2019-5885
2019-03-19 17:59:29
freebsd
freebsd
py-matrix-synapse -- undisclosed vulnerability
2019-01-10 00:00:00
ubuntucve
ubuntucve
CVE-2019-5885
2019-03-21 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: matrix-synapse-0.34.0.1-1.fc29
2019-01-22 17:43:03
[SECURITY] Fedora 28 Update: matrix-synapse-0.34.0.1-2.fc28
2019-01-23 01:46:10
cve
cve
CVE-2019-5885
2019-03-21 16:01:05
debiancve
debiancve
CVE-2019-5885
2019-03-21 16:01:05
ubuntu
ubuntu
Synapse vulnerabilities
2023-05-16 00:00:00