A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".
References
Link | Resource |
---|---|
https://www.synology.com/en-global/support/security/Photo_Station_CVE_2017_9552 | Third Party Advisory |
http://blog.crozat.net/2017/06/synology-photostation-password-vulnerabilty.html | Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-06-13 06:29
Updated : 2019-10-09 16:30
NVD link : CVE-2017-9552
Mitre link : CVE-2017-9552
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
synology
- photo_station