CVE-2023-41335

Summary

CVE-2023-41335 is a vulnerability affecting Synapse, an open-source Matrix homeserver maintained by the Matrix.org Foundation. During password updates, new credentials are temporarily stored in the server database, extending the duration that passwords are present in backups. Although the server doesn't gain additional capabilities from this, it violates the user's expectation of password privacy. This issue is resolved in version 1.93.0, and users are advised to upgrade as soon as possible. No known workarounds exist for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.