Vulnerabilities > CVE-2017-15887 - Improper Restriction of Excessive Authentication Attempts vulnerability in Synology Carddav Server

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

synology

CWE-307

critical

NVD

Published: 2017-11-07

Updated: 2019-10-09

Summary

An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology Carddav Server 5.2.0-0019 Synology Carddav Server 5.2.0-0021 Synology Carddav Server 5.2.0-0026 Synology Carddav Server 5.2.0-0027 Synology Carddav Server 5.2.0-0028 Synology Carddav Server 6.0.0-0074 Synology Carddav Server 6.0.2-0077 Synology Carddav Server 6.0.3-0078 Synology Carddav Server 6.0.4-0080 Synology Carddav Server 6.0.5-0081 Synology Carddav Server 6.0.6-0083	11

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.synology.com/en-global/support/security/Synology_SA_17_64_CardDAV_Server