CVE-2014-6868

Name of the Vulnerable Software and Affected Versions DS audio (aka com.synology.DSaudio) version 3.4

Description The issue concerns the failure of the DS audio application to verify X.509 certificates from SSL servers. This oversight allows man-in-the-middle attackers to spoof servers and obtain sensitive information by using a crafted certificate.

Recommendations For version 3.4, consider disabling the SSL connection feature until a patch is available that properly verifies X.509 certificates. Restrict access to sensitive information to minimize the risk of exploitation.