Описание
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-11842
- https://github.com/advisories/GHSA-gwf7-vfjf-wf6x
- https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2019-185.yaml
- https://matrix.org/blog/2019/05/03/security-updates-sydent-1-0-3-synapse-0-99-3-1-and-riot-android-0-9-0-0-8-99-0-8-28-a
Пакеты
matrix-sydent
< 1.0.3
1.0.3
matrix-synapse
< 0.99.3.1
0.99.3.1
Связанные уязвимости
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse befo ...