PT-2024-14786 · Synology · Synology Active Backup For Business Agent

Zhao Runzi · Published 2024-09-25 · Updated 2024-10-02 · CVE-2023-52948

CVSS v3.1: 5.0 (Medium)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Synology Active Backup for Business Agent versions prior to 2.7.0-3221

Description: A missing encryption issue exists in the settings functionality of Synology Active Backup for Business Agent, allowing local users to obtain user credentials via unspecified vectors. This issue affects the storage of sensitive data, making it possible for local users to access unencrypted credentials.

Recommendations: For versions prior to 2.7.0-3221, update to version 2.7.0-3221 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings functionality to minimize the risk of exploitation.

Fix

Weakness Enumeration: Missing Encryption of Sensitive Data

Related Identifiers: CVE-2023-52948

Affected Products: Synology Active Backup For Business Agent