CVE-2010-3684
Synology DSM - Information Disclosure via FTP Authentication Log
Title source: llmDescription
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/513970/100/0/threaded
Scores
EPSS
0.0012
EPSS Percentile
31.0%
Details
CWE
CWE-255
Status
published
Products (9)
synology/dsm
2.2-0942
synology/dsm
2.2-1041
synology/dsm
2.2-1042
synology/dsm
2.2-1045
synology/dsm
2.3-1139
synology/dsm
2.3-1141
synology/dsm
2.3-1144
synology/dsm
2.3-1157
synology/dsm
2.3-1161
Published
Sep 29, 2010
Tracked Since
Feb 18, 2026