Synology SSL VPN Client Plaintext Password Storage Vulnerability

Vulnerability

A plaintext password storage vulnerability has been identified in Synology SSL VPN Client versions prior to 1.4.5-0684. Because of insecure storage practices, remote attackers can access or manipulate the user's PIN code. The issue could lead to unauthorized VPN configuration and interception of VPN traffic, particularly when combined with user interaction.

Impact

Exploitation of this vulnerability could result in unauthorized access to or manipulation of VPN configuration, allowing interception of VPN traffic.

Remediation

Users are advised to upgrade to Synology SSL VPN Client version 1.4.5-0684 or above.
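
To find hosts still below the fixed release, the following added example (not Synology's code and not part of the original advisory) compares installed client versions against 1.4.5-0684. The inventory format, the hostnames, the sample versions, and the choice to treat a missing build number as older than any build are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Fixed release named in the advisory's Remediation section.
FIXED_VERSION = "1.4.5-0684"

# Assumed format: major.minor.patch with an optional -build suffix.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:-(\d+))?\s*$")


class Version(NamedTuple):
    major: int
    minor: int
    patch: int
    build: int


def parse_version(text: str) -> Optional[Version]:
    """Parse 'major.minor.patch-build'; return None if the string does not match."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    major, minor, patch, build = m.groups()
    # Assumption: a missing build sorts lowest, so '1.4.5' < '1.4.5-0684'.
    return Version(int(major), int(minor), int(patch), int(build or 0))


def classify(installed: str, fixed: str = FIXED_VERSION) -> str:
    """Return 'vulnerable', 'fixed', or 'unknown' for one version string."""
    have, need = parse_version(installed), parse_version(fixed)
    if have is None or need is None:
        return "unknown"  # never report an unparseable version as safe
    return "fixed" if have >= need else "vulnerable"


def triage(inventory):
    """Map hostname -> status for (hostname, version) rows."""
    return {host: classify(ver) for host, ver in inventory}


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("ws-001", "1.4.5-0684"),
    ("ws-002", "1.4.4-0681"),
    ("ws-003", "1.4.5"),
    ("ws-004", "1.5.0-0700"),
    ("ws-005", "not installed"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as "unknown" need manual review rather than being counted as patched.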

Added: Apr 10, 2026, 10:46 AM
Updated: Apr 10, 2026, 10:46 AM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 3.1
exploitability: 4.2
remediation: 7.7
relevance: 5.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.