Vulnerabilities > CVE-2010-3684 - Credentials Management vulnerability in Synology DSM

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

synology

CWE-255

NVD

Published: 2010-09-29

Updated: 2018-10-10

Summary

The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.

Vulnerable Configurations

Part	Description	Count
OS	Synology Synology DSM 2.2-0942 Synology DSM 2.2-1041 Synology DSM 2.2-1042 Synology DSM 2.2-1045 Synology DSM 2.3-1139 Synology DSM 2.3-1141 Synology DSM 2.3-1144 Synology DSM 2.3-1157 Synology DSM 2.3-1161	9
Hardware	Synology Synology Disk Station Ds1010+ * Synology Disk Station Ds109 * Synology Disk Station Ds110+ * Synology Disk Station Ds110J * Synology Disk Station Ds209 * Synology Disk Station Ds210+ * Synology Disk Station Ds210J * Synology Disk Station Ds409Slim * Synology Disk Station Ds410 * Synology Disk Station Ds410J * Synology Disk Station Ds411+ * Synology Disk Station Ds710+ *	12

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.securityfocus.com/archive/1/513970/100/0/threaded