An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NMatrix Sydent
APPMatrix< 1.0.3Matrix Synapse
APPMatrix< 0.99.3.1
Powiązane podatności
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to ...
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join...
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when re...
Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in ce...
Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attac...