CVE-2017-9552

A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by “synophoto_dsm_user –auth USERNAME PASSWORD”, and local users are able to obtain credentials by sniffing “/proc/*/cmdline”.

No comments yet.

Leave a Reply

Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 826,934 bad guys.