NAS Compares OpenSSL Vulnerabilities in Synology & QNAP NAS – What Is Going On?

The Current Synology & QNAP NAS and OpenSSL Security Issues Explained​

As many of you may have heard, in recent weeks there were two vulnerabilities identified in the OpenSSL encryption platform, a popular SSL option for many sites and servers, that provided an opening for particularly industrious interlopers to access a site via a weakness in the platform. Although not a service that is developed by Synology or QNAP NAS, it is used in several smaller areas/applications in their respective DSM and QTS software platforms. This is not uncommon for a brand to use a third-party provider and OpenSSL is one of the most popular open-source SSL platforms in the world. This vulnerability in OpenSSL was identified in late August and although alot has happened in that time, though the vulnerability is beginning to be resolved, it is still not fully resolved on the Synology or QNAP NAS affected software and services. So, today I wanted to go through what an SSL is, what OpenSSL is, the nature of the vulnerabilities, what has been resolved, what hasn’t and ultimately explain where things are right now. Let’s get started!

Continue reading...

To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.

Accept third party cookies

- - -

Check out FREE NAS advice section on nascompares.com

 

[Edge]

OpenSSL is a wreck, any capable vendor has moved or plan to migrate their respective product/system to LibreSSL.
However, it will take some time (and some nasty hits or damage being done by exploits) before couch potatoes at Synology and QNAP make a logical step forward.