CVE-2021-47961
Analyzed Analyzed - Analysis Complete

Plaintext Password Storage in Synology SSL VPN Client Enables Unauthorized Access

Vulnerability report for CVE-2021-47961, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-10

Last updated on: 2026-05-29

Assigner: Synology Inc.

Description

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-10
Last Modified
2026-05-29
Generated
2026-07-06
AI Q&A
2026-04-10
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
synology ssl_vpn_client to 1.4.5-0684 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-256 The product stores a password in plaintext within resources such as memory or files.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves the Synology SSL VPN Client versions before 1.4.5-0684 storing passwords in plaintext. Because of this insecure storage, remote attackers can access or influence the user's PIN code.

Exploiting this vulnerability may allow attackers to gain unauthorized access to VPN configurations and potentially intercept VPN traffic if the user interacts with the attacker.

Impact Analysis

The vulnerability can lead to unauthorized access to your VPN configuration by remote attackers.

It may also result in interception of your VPN traffic, compromising the confidentiality and integrity of your communications.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47961. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart