CVE-2023-52950
Description
Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing encryption in Synology Active Backup for Business Agent login component allows adjacent MITM attackers to steal user credentials.
Vulnerability
Missing encryption of sensitive data in the login component of Synology Active Backup for Business Agent before version 2.7.0-3221 allows an adjacent man-in-the-middle attacker to obtain user credentials via unspecified vectors [1]. The vulnerability affects all versions prior to the fix.
Exploitation
An attacker must be on the same network (adjacent) and perform a man-in-the-middle attack. The CVSS attack complexity is High (AC:H), indicating that special conditions or a race window may be required. No authentication or user interaction is needed [1]. The exact exploitation steps are not disclosed, but the attack involves intercepting unencrypted sensitive data during the login process.
Impact
Successful exploitation results in the disclosure of user credentials, leading to a High confidentiality impact. Integrity and availability are not affected [1]. The attacker can use the obtained credentials to access the backup agent or potentially other systems.
Mitigation
Synology has released version 2.7.0-3221 which fixes the vulnerability. Users should upgrade to this version or later. No workaround is available [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<2.7.0-3221+ 1 more
- (no CPE)range: <2.7.0-3221
- (no CPE)range: *
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.synology.com/en-global/security/advisory/Synology_SA_24_11mitrevendor-advisory
News mentions
0No linked articles in our index yet.