Matrix Synapse prior to 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote malicious users to impersonate users.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
matrix synapse |
||
fedoraproject fedora 28 |
||
fedoraproject fedora 29 |