Random Number Generation Vulnerability in Matrix Sydent and Synapse Products
CVE-2019-11842

7.5HIGH

Key Information:

Vendor: Matrix
Status: Sydent; Synapse
Vendor: CVE Published:; 9 May 2019

What is CVE-2019-11842?

A vulnerability exists in Matrix Sydent and Synapse versions prior to specified updates due to improper handling of random number generation. This flaw increases the likelihood that an attacker could predict authentication tokens or random IDs used by these services, potentially compromising secure communication and user access.

References

https://matrix.org/blog/2019/05/03/security-updates-syden...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2019
Vulnerability Reserved
May 9, 2019