dnsexit.com Cross Site Scripting vulnerability OBB-4040221

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Synology DiskStation Manager Cleartext Transmission of Sensitive Information (CVE-2020-27656)

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man- in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. This plugin only works with Tenable.ot. Please visit...

CVE-2020-27657

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

CVE-2020-27656

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

CVE-2020-27657

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

Design/Logic Flaw

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

Design/Logic Flaw

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

CVE-2020-27656

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

CVE-2020-27656

The CVE-2020-27656 issue affects Synology DiskStation Manager (DSM) prior to 6.2.3-25426-2, where cleartext transmission of sensitive information over DDNS can let a man-in-the-middle eavesdrop authentication data for DNSExit. Technical details across sources confirm the affected product (DSM), t...

CVE-2020-27657

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

CVE-2020-27657

CVE-2020-27657 is associated with Synology SRM where a DNSExit DDNS update over SRM’s DDNS feature transmits credentials in cleartext. The TALOS analysis (TALOS-2020-1071) describes an information disclosure in the dnsExit DDNS provider: SRM 1.2.3 RT2600ac 8017-5 uses a PHP script dnsexit.php tha...

Synology SRM dnsExit DDNS provider information disclosure vulnerability

Summary An information disclosure vulnerability exists in the dnsExit DDNS provider functionality of Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted man-in-the-middle attack can steal the dnsExit credentials to take over the registered subdomain. An attacker can impersonate the remote...