CVE-2019-11842

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in pypi/matrix-sydent

Identifiers

GHSA-gwf7-vfjf-wf6x, CVE-2019-11842

Package Slug

pypi/matrix-sydent

Vulnerability

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Description

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.

Affected Versions

All versions before 1.0.3

Solution

Upgrade to version 1.0.3 or above.

Last Modified

2022-07-29

source