A recently identified medium-severity flaw in Synology’s DiskStation Manager (DSM) could potentially be exploited by cyber attackers to gain unfettered access to administrator accounts. The vulnerability, known by the identifier CVE-2023-2729, enables attackers to leak information necessary to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin account. This was revealed in a report by Sharon Brizinov from Claroty, a cybersecurity specialist.
Synology has responded to this issue by rolling out updates to address this flaw in June 2023. However, the inherent problem lies in the software’s reliance on a weaker random number generator that employs the JavaScript method Math.random() to formulate the admin password for the network-attached storage (NAS) device.
This issue is commonly known as insecure randomness. It is a situation where a function can yield predictable values or does not possess enough entropy, thus serving as a source of randomness in a security context. This makes it possible for attackers to decrypt the encryption and undermine the integrity of sensitive information and systems.
Because of this flaw, a threat actor could potentially predict the generated password and gain access to functions otherwise restricted. For an assault to be successful, it would hinge on the attacker successfully extracting a few Globally Unique Identifiers (GUIDs). These are also generated using the same method during the setup process, allowing the attacker to reconstruct the seed phrase for the PRNG.
“By leaking the output of a few Math.Random() generated numbers, It was possible to reconstruct the seed for the PRNG and use it to brute-force the admin password,” Brizinov explained. “Finally, we were able to use the password to log in to the admin account (after enabling it).”
However, Brizinov emphasized that to pull off a successful attack, the cybercriminal would first need to leak the mentioned GUIDs, brute force the Math.random state, and acquire the admin password. But, even after successfully doing so, the built-in admin user account is disabled by default, and most users don’t usually enable it.
It is important to note that Math.random() does not generate cryptographically secure random numbers and should not be used for anything related to security. Brizinov recommends using the Web Crypto API instead, and specifically the window.crypto.getRandomValues() method.
The vulnerability in Synology’s DSM software highlights the ongoing challenges faced by all in the digital world. It is a strong reminder of the importance of regularly updating software to stay ahead of potential vulnerabilities and threats.