A medium-severity vulnerability [1] [2] [4] [5] [6] [7] [8] [9] [10], known as CVE-2023-2729 [6], has been discovered in Synology’s DiskStation Manager (DSM) [1] [2] [4] [5] [6] [7] [8] [9], a Linux-based operating system used in network-attached storage (NAS) products [6].

Description

This flaw, rated 5.9 for severity [4] [5] [7] [8] [9], allows attackers to recover an administrator’s password and remotely hijack the account [1] [2] [4] [5] [7] [8] [9]. It stems from the insecure use of JavaScript’s Math.random() function [3] [10], which was used to generate the admin password [5] [7]. Because Math.random() is not a cryptographically secure generator, an attacker who reconstructs the seed of the pseudorandom number generator (PRNG) [1] [2] [3] [6] [8] can predict the generated password and gain unauthorized access to the admin account. Synology addressed this issue by releasing updates in June 2023. Users of DSM 7.2 are advised to upgrade to version 7.2-64561 or higher to protect against this vulnerability [6]. To enhance security, it is recommended to avoid using Math.random() for secrets and instead use the Web Crypto API’s window.crypto.getRandomValues() method [1].

Conclusion

The discovery of this vulnerability highlights the importance of regularly updating software so that the latest security patches are applied. Users of DSM 7.2 should promptly upgrade to version 7.2-64561 or higher to protect against potential attacks. Additionally, developers should avoid using Math.random() to generate passwords or other secrets and instead use the Web Crypto API’s window.crypto.getRandomValues() method [1]. By taking these precautions, users can mitigate the risk of unauthorized access to their admin accounts and safeguard their network-attached storage systems.

References

[1] https://vulnera.com/newswire/admin-account-hijack-vulnerability-uncovered-in-synologys-diskstation-manager/
[2] https://cyber.vumetric.com/security-news/2023/10/18/new-admin-takeover-vulnerability-exposed-in-synology-s-diskstation-manager/
[3] https://quantribaomat.com/synology-nas-system-flaw-let-attackers-remotely-hijack-the-admin-account
[4] https://www.itnewsdb.net.in/post/new-admin-takeover-vulnerability-exposed-in-synologys-diskstation-manager-28a0aeac/
[5] https://patabook.com/technology/2023/10/18/new-admin-takeover-vulnerability-exposed-in-synologys-diskstation-manager/
[6] https://cybermaterial.com/synology-vulnerability-exposes-password/
[7] https://flyytech.com/2023/10/18/new-admin-takeover-vulnerability-exposed-in-synologys-diskstation-manager/
[8] https://thehackernews.com/2023/10/new-admin-takeover-vulnerability.html
[9] https://cert.bournemouth.ac.uk/new-admin-takeover-vulnerability-exposed-in-synologys-diskstation-manager/
[10] https://gbhackers.com/synology-nas-system-flaw/