{ "CVE_data_meta": { "ASSIGNER": "security@synology.com", "ID": "CVE-2017-9552", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Synology Photo Station", "version": { "version_data": [ { "version_value": "6.0-2528 through 6.7.1-3419" } ] } } ] }, "vendor_name": "Synology" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate a username and password by running \"synophoto_dsm_user --auth USERNAME PASSWORD\", which places the password in the process's command-line arguments, and local users are able to obtain credentials by reading \"/proc/*/cmdline\"." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insufficiently Protected Credentials (CWE-522)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.synology.com/en-global/support/security/Photo_Station_CVE_2017_9552", "refsource": "CONFIRM", "url": "https://www.synology.com/en-global/support/security/Photo_Station_CVE_2017_9552" }, { "name": "http://blog.crozat.net/2017/06/synology-photostation-password-vulnerabilty.html", "refsource": "MISC", "url": "http://blog.crozat.net/2017/06/synology-photostation-password-vulnerabilty.html" } ] } }