CVE-2010-3684 - OpenCVE

The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Synology	Disk Station Ds210j Disk Station Ds410j Disk Station Ds409slim Disk Station Ds411\+ Disk Station Ds710\+ Disk Station Ds209 Disk Station Ds1010\+ Disk Station Ds210\+ Disk Station Ds110j Disk Station Ds109 Disk Station Ds410 Disk Station Ds110\+ Dsm

Configuration 1 [-]

AND

OR	cpe:2.3:o:synology:dsm:2.2-0942:::::::*
	cpe:2.3:o:synology:dsm:2.2-1041:::::::*
	cpe:2.3:o:synology:dsm:2.2-1042:::::::*
	cpe:2.3:o:synology:dsm:2.2-1045:::::::*
	cpe:2.3:o:synology:dsm:2.3-1139:::::::*
	cpe:2.3:o:synology:dsm:2.3-1141:::::::*
	cpe:2.3:o:synology:dsm:2.3-1144:::::::*
	cpe:2.3:o:synology:dsm:2.3-1157:::::::*
	cpe:2.3:o:synology:dsm:2.3-1161:::::::*

OR	cpe:2.3:h:synology:disk_station_ds1010\+::::::::
	cpe:2.3:h:synology:disk_station_ds109::::::::
	cpe:2.3:h:synology:disk_station_ds110\+::::::::
	cpe:2.3:h:synology:disk_station_ds110j::::::::
	cpe:2.3:h:synology:disk_station_ds209::::::::
	cpe:2.3:h:synology:disk_station_ds210\+::::::::
	cpe:2.3:h:synology:disk_station_ds210j::::::::
	cpe:2.3:h:synology:disk_station_ds409slim::::::::
	cpe:2.3:h:synology:disk_station_ds410::::::::
	cpe:2.3:h:synology:disk_station_ds410j::::::::
	cpe:2.3:h:synology:disk_station_ds411\+::::::::
	cpe:2.3:h:synology:disk_station_ds710\+::::::::

References

Link	Resource
http://www.securityfocus.com/archive/1/513970/100/0/threaded

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-09-29T16:00:00

Updated: 2018-10-10T18:57:01

Reserved: 2010-09-29T00:00:00

Link: CVE-2010-3684

JSON object: View

NVD Information

Status : Modified

Published: 2010-09-29T17:00:05.743

Modified: 2018-10-10T20:05:03.027

Link: CVE-2010-3684

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:synology:dsm:2.2-0942:*:*:*:*:*:*:*", "matchCriteriaId": "850A03A9-978D-4A60-90B2-A037023A34C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:synology:dsm:2.2-1041:*:*:*:*:*:*:*", "matchCriteriaId": "121E0EE0-0673-42AB-B7E2-CD6729BE26F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:synology:dsm:2.2-1042:*:*:*:*:*:*:*", "matchCriteriaId": "4FB4A66B-FC2F-47A3-8480-695DE2D52979", "vulnerable": true}, {"criteria": "cpe:2.3:o:synology:dsm:2.2-1045:*:*:*:*:*:*:*", "matchCriteriaId": "F61AF3A3-09BD-4EE0-95A6-984CD8B1D71B", "vulnerable": true}, {"criteria": "cpe:2.3:o:synology:dsm:2.3-1139:*:*:*:*:*:*:*", "matchCriteriaId": "7B20EE94-8F9F-45D1-97F1-C429D75E8666", "vulnerable": true}, {"criteria": "cpe:2.3:o:synology:dsm:2.3-1141:*:*:*:*:*:*:*", "matchCriteriaId": "DFC7BB6B-C5F5-42F1-B4B6-39B011C3515B", "vulnerable": true}, {"criteria": "cpe:2.3:o:synology:dsm:2.3-1144:*:*:*:*:*:*:*", "matchCriteriaId": "F02F59B2-0224-4CF6-AF55-C2A7B0919955", "vulnerable": true}, {"criteria": "cpe:2.3:o:synology:dsm:2.3-1157:*:*:*:*:*:*:*", "matchCriteriaId": "D7AADE49-1663-48E9-BEE4-E4FF955FC7F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:synology:dsm:2.3-1161:*:*:*:*:*:*:*", "matchCriteriaId": "5D469DB1-81A7-4F57-833F-CC796C4391F7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:synology:disk_station_ds1010\\+:*:*:*:*:*:*:*:*", "matchCriteriaId": "B99359E4-8DFE-4995-9893-CCA6CEB4B8F9", "vulnerable": false}, {"criteria": "cpe:2.3:h:synology:disk_station_ds109:*:*:*:*:*:*:*:*", "matchCriteriaId": "68BC068B-16C8-4B4F-9851-4B5293FAEF68", "vulnerable": false}, {"criteria": "cpe:2.3:h:synology:disk_station_ds110\\+:*:*:*:*:*:*:*:*", "matchCriteriaId": "1166EF93-847B-4D97-BE07-A6DE16B5E2A7", "vulnerable": false}, {"criteria": "cpe:2.3:h:synology:disk_station_ds110j:*:*:*:*:*:*:*:*", "matchCriteriaId": "14FF9E89-018F-4726-BBA3-4ADD1E73F021", "vulnerable": false}, {"criteria": "cpe:2.3:h:synology:disk_station_ds209:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B3B3E5F-7F93-424C-842D-6D9A793972F9", "vulnerable": false}, {"criteria": "cpe:2.3:h:synology:disk_station_ds210\\+:*:*:*:*:*:*:*:*", "matchCriteriaId": "4719A127-3E49-4B74-AECB-023D17DB0528", "vulnerable": false}, {"criteria": "cpe:2.3:h:synology:disk_station_ds210j:*:*:*:*:*:*:*:*", "matchCriteriaId": "10F66242-CE8F-4569-97CF-63312CC2D358", "vulnerable": false}, {"criteria": "cpe:2.3:h:synology:disk_station_ds409slim:*:*:*:*:*:*:*:*", "matchCriteriaId": "294CBF5E-AB11-42A1-9466-B62224CE976F", "vulnerable": false}, {"criteria": "cpe:2.3:h:synology:disk_station_ds410:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDF651B4-C186-40B5-8F76-9CD1983E919E", "vulnerable": false}, {"criteria": "cpe:2.3:h:synology:disk_station_ds410j:*:*:*:*:*:*:*:*", "matchCriteriaId": "29EFF4D3-362B-40A2-8DEC-3BD20D2859F1", "vulnerable": false}, {"criteria": "cpe:2.3:h:synology:disk_station_ds411\\+:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC21A0D4-CB0F-4336-AF71-1DFE1DFDDE28", "vulnerable": false}, {"criteria": "cpe:2.3:h:synology:disk_station_ds710\\+:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C4D1826-8C3B-4789-A6AD-B5FCF9980936", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453."}, {"lang": "es", "value": "El m\u00f3dulo de autenticaci\u00f3n de FTP en Synology Disk Station v2.x registra las contrase\u00f1as de la interfaz de aplicaci\u00f3n web en los casos de intentos de conexi\u00f3n incorrecta, lo cual permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un registro, una vulnerabilidad diferente de CVE-2010-2453."}], "id": "CVE-2010-3684", "lastModified": "2018-10-10T20:05:03.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-09-29T17:00:05.743", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}