4 matches found
Synology DiskStation Manager Sensitive Cookie in HTTPS Session Without 'Secure' Attribute (CVE-2020-27650)
Synology DiskStation Manager DSM before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. This plugin only works with Tenable.ot. Please...
Synology DiskStation Manager (DSM) 6.2.x < 6.2.3-25426-2 Multiple Vulnerabilities (Synology-SA-20:18) - Remote Known Vulnerable Versions Check
Synology DiskStation Manager DSM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Synology DiskStation Manager (DSM) 6.2.x < 6.2.3-25426-2 Multiple Vulnerabilities (Synology-SA-20:18) - Unreliable Remote Version Check
Synology DiskStation Manager DSM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2020-27650
CVE-2020-27650 affects Synology DiskStation Manager (DSM) versions before 6.2.3-25426-2. The issue is that the session cookie used in HTTPS sessions is not marked with the Secure flag, which can allow an attacker to capture the cookie by intercepting its transmission in an HTTP session. Impact is...