CVE-2017-9552
N/A
N/A
Summary
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user –auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Synology | Synology Photo Station | 6.0-2528 through 6.7.1-3419 | affected |
Weaknesses
- CWE-522: Insufficiently Protected Credentials (CWE-522)
ADP Enrichment
CVE Program Container
Additional References
- https://www.synology.com/en-global/support/security/Photo_Station_CVE_2017_9552
- http://blog.crozat.net/2017/06/synology-photostation-password-vulnerabilty.html
References
- https://www.synology.com/en-global/support/security/Photo_Station_CVE_2017_9552
- http://blog.crozat.net/2017/06/synology-photostation-password-vulnerabilty.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.