Insufficient Randomness in User Management Functionality of Synology DiskStation Manager
CVE-2023-2729
What is CVE-2023-2729?
The User Management functionality of Synology DiskStation Manager (DSM) prior to version 7.2-64561 uses insufficiently random values, which remote attackers can potentially exploit. The flaw could lead to unauthorized access and the compromise of user credentials through unspecified attack vectors, posing a significant risk to affected systems.

Affected Version(s)
DiskStation Manager (DSM) 7.2
DiskStation Manager (DSM) 7.2 < 7.2-64561
DiskStation Manager (DSM) 7.1 < 7.1.*
News Articles
A flaw in Synology DiskStation Manager allows admin account takeover
A vulnerability in Synology DiskStation Manager (DSM) could be exploited to decipher an administrator's password.
Timeline
First article discovered by Security Affairs
Vulnerability published
Vulnerability Reserved