Default credentials

2017-06-1313:29:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by “synophoto_dsm_user --auth USERNAME PASSWORD”, and local users are able to obtain credentials by sniffing “/proc/*/cmdline”.

CPENameOperatorVersion
photo_stationeq6.6.2-3346
photo_stationeq6.6.1-3345
photo_stationeq6.5.0-3218
photo_stationeq6.3.2960
photo_stationeq6.7.1-3419
photo_stationeq6.3.2963
photo_stationeq6.3.2965
photo_stationeq6.0.2638
photo_stationeq6.6.3-3347
photo_stationeq6.4.3166

Name	Operator	Version
photo_station	eq	6.6.2-3346
photo_station	eq	6.6.1-3345
photo_station	eq	6.5.0-3218
photo_station	eq	6.3.2960
photo_station	eq	6.7.1-3419
photo_station	eq	6.3.2963
photo_station	eq	6.3.2965
photo_station	eq	6.0.2638
photo_station	eq	6.6.3-3347
photo_station	eq	6.4.3166