CVE-2017-9552

Summary

A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user –auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".

Affected Software

VendorProductVersion RangeStatus
SynologySynology Photo Station6.0-2528 through 6.7.1-3419affected

Weaknesses

  • CWE-522: Insufficiently Protected Credentials (CWE-522)

ADP Enrichment

CVE Program Container

Additional References

References