dnsexit.com Cross Site Scripting vulnerability OBB-4040221

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Synology DiskStation Manager Cleartext Transmission of Sensitive Information (CVE-2020-27656)

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man- in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. This plugin only works with Tenable.ot. Please visit...

CVE-2020-27656

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

CVE-2020-27657

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

CVE-2020-27657

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

Design/Logic Flaw

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

Design/Logic Flaw

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

CVE-2020-27656

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

CVE-2020-27656

The CVE-2020-27656 issue affects Synology DiskStation Manager (DSM) prior to 6.2.3-25426-2, where cleartext transmission of sensitive information over DDNS can let a man-in-the-middle eavesdrop authentication data for DNSExit. Technical details across sources confirm the affected product (DSM), t...

CVE-2020-27657

CVE-2020-27657 is associated with Synology SRM where a DNSExit DDNS update over SRM’s DDNS feature transmits credentials in cleartext. The TALOS analysis (TALOS-2020-1071) describes an information disclosure in the dnsExit DDNS provider: SRM 1.2.3 RT2600ac 8017-5 uses a PHP script dnsexit.php tha...

CVE-2020-27657

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

Synology SRM dnsExit DDNS provider information disclosure vulnerability

Summary An information disclosure vulnerability exists in the dnsExit DDNS provider functionality of Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted man-in-the-middle attack can steal the dnsExit credentials to take over the registered subdomain. An attacker can impersonate the remote...