CVE-2021-47961
Received - Intake
Plaintext Password Storage in Synology SSL VPN Client Enables Unauthorized Access

Publication date: 2026-04-10

Last updated on: 2026-04-10

Assigner: Synology Inc.

Description
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction.
Meta Information
Published: 2026-04-10
Last Modified: 2026-04-10
Generated: 2026-05-07
AI Q&A: 2026-04-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
synology | ssl_vpn_client | to 1.4.5-0684 (exc)
synology | ssl_vpn_client | 1.4.5-0684
CWE ID | Description
CWE-256 | The product stores a password in plaintext within resources such as memory or files.
AI Powered Q&A
How can this vulnerability impact me?

The vulnerability can lead to unauthorized access to your VPN configuration by remote attackers.

It may also result in interception of your VPN traffic, compromising the confidentiality and integrity of your communications.


Can you explain this vulnerability to me?

This vulnerability involves the Synology SSL VPN Client versions before 1.4.5-0684 storing passwords in plaintext. Because of this insecure storage, remote attackers can access or influence the user's PIN code.

Exploiting this vulnerability may allow attackers to gain unauthorized access to VPN configurations and potentially intercept VPN traffic if the user interacts with the attacker.

