A medium-severity flaw has been found in Synology’s DiskStation Supervisor (DSM) that could possibly be exploited to decipher an administrator’s password and remotely hijack the account.
“Beneath some uncommon situations, an attacker may leak sufficient info to revive the seed of the pseudorandom quantity generator (PRNG), reconstruct the admin password, and remotely take over the admin account,” Claroty’s Sharon Brizinov mentioned in a Tuesday report.
The flaw, assigned the identifier CVE-2023-2729, is rated 5.9 for severity on the CVSS scoring scale. The flaw was addressed by Synology as a part of updates launched in June 2023.
The issue is rooted in the truth that the software program makes use of a weak random quantity generator that depends on the JavaScript Math.random() methodology to programmatically assemble the admin password for the network-attached storage (NAS) gadget.
Known as insecure randomness, it arises when a perform that may produce predictable values, or would not have sufficient entropy, is used as a supply of randomness in a security context, enabling an attacker to crack the encryption and defeat the integrity of delicate info and programs.
Profitable exploitation of such flaws, subsequently, may permit the risk actor to foretell the generated password and achieve entry to in any other case restricted performance.
“By leaking the output of some Math.Random() generated numbers, we have been capable of reconstruct the seed for the PRNG and use it to brute-force the admin password,” Brizinov defined. “Lastly we have been ready to make use of the password to login to the admin account (after enabling it).”
The assault, nonetheless, hinges on an attacker efficiently extracting just a few GUIDs which are additionally generated utilizing the identical methodology throughout the setup course of to have the ability to reconstruct the seed phrase for the pseudorandom quantity generator (PRNG).
“In an actual life situation the attacker will first must leak the aforementioned GUIDs, brute drive the Math.Random state, and achieve the admin password,” Brizinov mentioned. “Even after doing so, by default the builtin admin person account is disabled and most customers will not allow it.”
“Once more, it is essential to do not forget that Math.random() doesn’t present cryptographically safe random numbers. Don’t use them for something associated to security. Use the Internet Crypto API as an alternative, and extra exactly the window.crypto.getRandomValues() methodology.”
