CVE-2020-14423

Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt