QwikSec

Security Database

CVE

CWE

Training

CVE-2017-9552

Published: Jun 13, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".

Vendor	Product	Versions
Synology	Synology Photo Station	affected `6.0-2528 through 6.7.1-3419`

Weaknesses (CWE)

References

https://www.synology.com/en-global/support/security/Photo_Station_CVE_2017_9552

x_refsource_CONFIRM

http://blog.crozat.net/2017/06/synology-photostation-password-vulnerabilty.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.