Matrix · Matrix Synapse · CVE-2019-5885
**Name of the Vulnerable Software and Affected Versions**
Matrix Synapse versions prior to 0.34.0.1
**Description**
The issue allows remote attackers to impersonate users due to the use of a predictable value to derive a secret key and other secrets when the `macaroon secret key` authentication parameter is not set.
**Recommendations**
For versions prior to 0.34.0.1, update to version 0.34.0.1 or later to resolve the issue. As a temporary workaround, consider setting the `macaroon secret key` authentication parameter to a unique and unpredictable value to minimize the risk of exploitation.