CVE-2010-3684

Name of the Vulnerable Software and Affected Versions Synology Disk Station versions 2.x

Description The FTP authentication module logs passwords to the web application interface in cases of incorrect login attempts, allowing local users to obtain sensitive information by reading a log.

Recommendations For Synology Disk Station versions 2.x, consider disabling the FTP authentication module until a patch is available to prevent local users from obtaining sensitive information. Restrict access to the log files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.