Vulnerabilities > CVE-2010-3684 - Credentials Management vulnerability in Synology DSM

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

synology

CWE-255

NVD

Published: 2010-09-29

Updated: 2018-10-10

Summary

The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.

Vulnerable Configurations

Part	Description	Count
OS	Synology Synology DSM 2.2-0942 Synology DSM 2.2-1041 Synology DSM 2.2-1042 Synology DSM 2.2-1045 Synology DSM 2.3-1139 Synology DSM 2.3-1141 Synology DSM 2.3-1144 Synology DSM 2.3-1157 Synology DSM 2.3-1161	9
Hardware	Synology Synology Disk Station Ds1010+ * Synology Disk Station Ds109 * Synology Disk Station Ds110+ * Synology Disk Station Ds110J * Synology Disk Station Ds209 * Synology Disk Station Ds210+ * Synology Disk Station Ds210J * Synology Disk Station Ds409Slim * Synology Disk Station Ds410 * Synology Disk Station Ds410J * Synology Disk Station Ds411+ * Synology Disk Station Ds710+ *	12

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.securityfocus.com/archive/1/513970/100/0/threaded