Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Diskstation_manager | Synology | * | 6.2-23739 (excluding) |