A design flaw in authentication in Synology Photo Station 6.0-2528 up to and including 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
synology photo station 6.0-2636 |
||
synology photo station 6.5.2-3225 |
||
synology photo station 6.3-2963 |
||
synology photo station 6.3-2962 |
||
synology photo station 6.0-2640 |
||
synology photo station 6.6.2-3346 |
||
synology photo station 6.3-2965 |
||
synology photo station 6.6.1-3346 |
||
synology photo station 6.3-2964 |
||
synology photo station 6.5.1-3223 |
||
synology photo station 6.5.0-3218 |
||
synology photo station 6.3-2944 |
||
synology photo station 6.0-2528 |
||
synology photo station 6.3-2958 |
||
synology photo station 6.0-2638 |
||
synology photo station 6.6.1-3345 |
||
synology photo station 6.6.0-3339 |
||
synology photo station 6.5.3-3226 |
||
synology photo station 6.3-2960 |
||
synology photo station 6.7.1-3419 |
||
synology photo station 6.4-3166 |
||
synology photo station 6.0-2639 |
||
synology photo station 6.6.3-3347 |
||
synology photo station 6.7.0-3414 |