Matrix Synapse before 0.34.0.1, when the macaroon_secret_key
authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.
{ "nvd_published_at": "2019-03-21T16:01:00Z", "cwe_ids": [ "CWE-330" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-07-19T20:18:22Z" }