Sydent
CVE-2019-11842
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.
AnalysisAI
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-338. An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID. Affected products include: Matrix Sydent, Matrix Synapse. Version information: before 1.0.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Sydent is a reference Matrix identity server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable
Sydent is a reference Matrix identity server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, i
Sydent is a reference matrix identity server. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitab
Sydent is an identity server for the Matrix communications protocol. Rated medium severity (CVSS 5.3), this vulnerabilit
Sydent is a reference Matrix identity server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitab
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today