Admin Account Hijack Vulnerability Uncovered in Synology’s DiskStation Manager

October 18, 2023

A vulnerability in Synology's DiskStation Manager (DSM), which could be used to decode an administrator's password and remotely take control of the account, has been exposed. Sharon Brizinov from Claroty stated on Tuesday, "Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin account." The vulnerability, designated as CVE-2023-2729, has a medium severity rating of 5.9 on the CVSS scale.

The issue was resolved by Synology in updates released in June 2023. The root cause of the problem is the software's use of a weak random number generator that relies on the JavaScript Math.random() method to programmatically construct the admin password for the network-attached storage (NAS) device. This is referred to as insecure randomness, which occurs when a function that can produce predictable values, or doesn't have enough entropy, is used as a source of randomness in a security context. This allows an attacker to crack the encryption and compromise the integrity of sensitive information and systems.

Successful exploitation of such flaws could enable the threat actor to predict the generated password and gain access to otherwise restricted functionality. Brizinov explained, "By leaking the output of a few Math.Random() generated numbers, we were able to reconstruct the seed for the PRNG and use it to brute-force the admin password. Finally we were able to use the password to login to the admin account (after enabling it)." However, the attack depends on the attacker successfully extracting a few GUIDs that are also generated using the same method during the setup process to reconstruct the seed phrase for the PRNG.

Brizinov further stated, "In a real life scenario the attacker will first need to leak the aforementioned GUIDs, brute force the Math.Random state, and gain the admin password. Even after doing so, by default the builtin admin user account is disabled and most users won't enable it." He stressed the importance of not using Math.random() for anything related to security as it does not provide cryptographically secure random numbers. Instead, he recommended using the Web Crypto API, specifically the window.crypto.getRandomValues() method.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.