Don't store or send password in the clear!


Postby scottlindner » Fri May 21, 2010 12:51 pm

I'm a new Synology owner and just this morning my first volume was ready for use so I created user accounts. Shortly after I find an email in my inbox with my password in the clear!!! Holy cow! The DSM is storing passwords in the clear and worse yet is sending both username and the password in the clear in a single email?!! We need a way to turn this off, all of it.

Passwords should never be stored in the clear, and emailing your password in the clear with your username and full access details is terrible security. As a new feature request, stop storing passwords in the clear.. and never think about emailing full access information in a single message!

Scott
DS1010+ w/ DSM 4.2-3202
5 Seagate 3TB (ST3000DM001) in SHR with 1 disk fault-tolerance
scottlindner
Experienced
Posts: 124
Joined: Fri May 14, 2010 1:06 am
Location: Colorado Springs, CO

Re: Don't store or send password in the clear!

Postby syno.allen » Fri May 21, 2010 2:36 pm

Greetings scottlindner:

The user password in DSM is never stored in cleartext. It is stored in an irreversible hash password using the standard Linux mechanism.

When an admin creates a new user, an email will be sent to the new user's email account with the cleartext password only once. This is useful so that the user can use this password to log in and change his/her password immediately.

Regards
syno.allen
Synology Inc
Posts: 767
Joined: Fri Aug 22, 2008 5:07 am

Re: Don't store or send password in the clear!

Postby scottlindner » Fri May 21, 2010 2:51 pm

I'm going to validate that the password is not stored in the clear, but it should NEVER be emailed. The only time a password should be emailed is a temporary password when a password is reset.

If Synology is trying to sell to business, this is going to be a serious no-go. Never send a real password in the clear. Not unless it's a one time temporary password that must be changed on first login. At a minimum, make the default to NEVER send any passwords by email, and allow users/admins to optionally enable the feature if they choose to do it that way.

Feature request: Do not send passwords by email. Or have it as an option that is turned off by default.
DS1010+ w/ DSM 4.2-3202
5 Seagate 3TB (ST3000DM001) in SHR with 1 disk fault-tolerance
scottlindner
Experienced
Posts: 124
Joined: Fri May 14, 2010 1:06 am
Location: Colorado Springs, CO
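
One way to carry out the check scottlindner mentions above, as an added example that is not part of the original thread or Synology's code: it assumes the "standard Linux mechanism" means crypt(3)-style password fields in a shadow-format file, and the sample entries are constructed.

```sh
#!/bin/sh
# Classify the password field of each entry in a shadow-format file
# (user:field:...). Assumption: the NAS keeps accounts in such a file, e.g.
# /etc/shadow; reading the real one needs root.
# Limits: a 13-character field in the crypt alphabet is reported as DES crypt,
# and a cleartext value shaped like $x$y would pass as a hash.

classify_shadow() {
    awk -F: '
    # Map the id in a "$id$salt$hash" field to a scheme name.
    function scheme(id) {
        if (id == "1") return "md5crypt"
        if (id == "5") return "sha256crypt"
        if (id == "6") return "sha512crypt"
        if (id == "y") return "yescrypt"
        if (id ~ /^2[abxy]?$/) return "bcrypt"
        return "unknown-scheme"
    }
    /^#/ || NF < 2 { next }
    {
        f = $2
        if (f == "") verdict = "EMPTY"
        else if (f ~ /^[!*]/) verdict = "locked"
        else if (f ~ /^[$][^$]+[$]./) { split(f, p, /[$]/); verdict = "hash:" scheme(p[2]) }
        else if (length(f) == 13 && f ~ "^[./0-9A-Za-z]+$") verdict = "hash:descrypt"
        else verdict = "NOT-A-HASH"
        print $1 ":" verdict
    }' "$@"
}

# Constructed sample entries; the hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
alice:$6$Zx8saltSALT$kq3examplehashvalue0000000000000000000000:14750:0:99999:7:::
bob:$1$abcdefgh$exampleMD5crypthash000:14750:0:99999:7:::
carol:!:14750:0:99999:7:::
dave:Summer2010!:14750:0:99999:7:::
erin::14750:0:99999:7:::
frank:abJnggxhB/yWI:14750::::::
EOF
}

sample_shadow | classify_shadow
```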

Re: Don't store or send password in the clear!

Postby scottlindner » Fri May 21, 2010 5:08 pm

As further justification: I use GMail, and use multiple passwords depending on the importance of the activity. Since this is a NAS that will only ever be used on my home network but to store very sensitive information such as tax documentation and other financial information, I used my highly guarded and very strong password that I only use for financial transactions. To my horror, my new Synology NAS sent it to my GMail account without my knowledge until it had already happened. I knew I set up the notification for when disks failed, but my password for my private NAS on my private LAN?!

Here is further justification as to why this is so important to remove from DSM.
http://en.wikipedia.org/wiki/Gmail#Privacy
Privacy

Google automatically scans e-mails to add context-sensitive advertisements to them. Privacy advocates raised concerns that the plan involved scanning their personal, assumed private, e-mails, and that this was a security problem. Allowing e-mail content to be read, even by a computer, raises the risk that the expectation of privacy in e-mail will be reduced. Furthermore, e-mail that non-subscribers choose to send to Gmail accounts is scanned by Gmail as well, even though those senders never agreed to Gmail's terms of service or privacy policy. Google can change its privacy policy unilaterally and Google is technically able to cross-reference cookies across its information-rich product line to make dossiers on individuals. However, most e-mail systems make use of server-side content scanning in order to check for spam.[49][50]

Privacy advocates also regard the lack of disclosed data retention and correlation policies as problematic. Google has the ability to combine information contained in a person's e-mail messages with information from Internet searches. Google has not confirmed how long such information is kept or how it can be used. One of the concerns is that it could be of interest to law enforcement agencies. More than 30 privacy and civil liberties organizations have urged Google to suspend Gmail service until these issues are resolved.[51]

Gmail's privacy policy contains the clause: "residual copies of deleted messages and accounts may take up to 60 days to be deleted from our active servers and may remain in our offline backup systems". Google points out that Gmail adheres to most industry-wide practices. Google has stated that they will "make reasonable efforts to remove deleted information from our systems as quickly as is practical."[52][53]

Google defends its position by citing their use of email-scanning to the user's benefit. Google states that Gmail refrains from displaying ads next to potentially sensitive messages such as those that mention tragedy, catastrophe, or death.[54]

Gmail accounts of human rights activists in China were hacked in a sophisticated attack in late 2009.[55][56] The fact that Gmail stores, analyzes and retains user's email contents makes Gmail an attractive target for such attacks.[57]

The launch of Google Buzz as an opt-out social network immediately drew criticism for violating user privacy because it automatically allowed Gmail users' contacts to view their other contacts.[58][59]


Furthermore, if Synology intends to enter businesses of any size there are increasing laws and IT security standards that this violates which could become a barrier to entry for the entire Synology product line in the future. Sarbanes Oxley maintains retention of emails. That coupled with all information required to access my NAS account were provided in a single email.

Scott
DS1010+ w/ DSM 4.2-3202
5 Seagate 3TB (ST3000DM001) in SHR with 1 disk fault-tolerance
scottlindner
Experienced
Posts: 124
Joined: Fri May 14, 2010 1:06 am
Location: Colorado Springs, CO

Re: Don't store or send password in the clear!

Postby neeeko » Fri May 21, 2010 10:00 pm

Google is evil.
Google is...a big spy for big brother disguised as a friendly business....
Google is worse than facebook.
DS409+ @Home
2xDS1010+ @Work (1 for iSCSI only - 1 for SMB/FTP only due to crap Syno dual LAN management on VLANs)
neeeko
Experienced
Posts: 149
Joined: Sat Apr 14, 2007 4:41 pm
Location: France

Re: Don't store or send password in the clear!

Postby llcepick » Sat Jan 29, 2011 2:01 am

The issue has not been addressed with 3.0-1354 - this is important to your users!
Synology CS407 DSM 3.0-1354
llcepick
I'm New!
Posts: 2
Joined: Sat Jan 29, 2011 1:59 am

Re: Don't store or send password in the clear!

Postby hiker1000 » Fri Feb 04, 2011 5:36 am

My question: Is there no option for turning off emailing of passwords and user IDs for new users? This would have to be an option, right?
hiker1000
Student
Posts: 75
Joined: Sat Jan 22, 2011 5:35 pm

Re: Don't store or send password in the clear!

Postby henkg » Fri Feb 04, 2011 10:25 am

hiker1000 wrote: My question: Is there no option for turning off emailing of passwords and user IDs for new users? This would have to be an option, right?

User's guide, page 65 (user creation wizard)
Checkbox "Send a notification mail to the newly created user"

Looks like with this checkbox unchecked, no mail will be sent. (Default value is unchecked)
DS412+. 1x WD20EFRX + 3x HD204UI, SHR (RAID5). DSM 4.2-3211.
DS210j. 2x HD203WI, RAID1. DSM 4.2-3211.
Router Netgear WNDR3700. Switch TP-Link TL-SG1008D. AcRyan Mini v1. UPS APC BE700G-GR. Ipcam Edimax IC-3010.
henkg
Enlightened
Posts: 426
Joined: Sat Sep 25, 2010 8:16 am
Location: Netherlands

Re: Don't store or send password in the clear!

Postby llcepick » Sun Feb 06, 2011 3:39 pm

The option to not send an email to the new user may work for new users created, but this issue is in reference to the password of an existing user having been changed. Typically, you need that first email to get them the initial password, but when the user goes to change the password, they would not want their new (private) password to be sent in the clear.
Synology CS407 DSM 3.0-1354
llcepick
I'm New!
Posts: 2
Joined: Sat Jan 29, 2011 1:59 am

Re: Don't store or send password in the clear!

Postby hiker1000 » Sun Feb 13, 2011 5:51 pm

Yes, I would agree. They need to change this feature.
hiker1000
Student
Posts: 75
Joined: Sat Jan 22, 2011 5:35 pm

Re: Don't store or send password in the clear!

Postby Sarav » Mon Feb 21, 2011 8:26 am

+1 Agree very much with the original poster.
Sarav
Versed
Posts: 281
Joined: Sat Apr 26, 2008 8:12 pm

Re: Don't store or send password in the clear!

Postby Richard Berg » Sun Feb 27, 2011 3:56 am

Wow, who gave the green light to this "feature"?

Please make the default behavior secure. Let crazy people opt in to emailed passwords if they really want.
Richard Berg
I'm New!
Posts: 6
Joined: Tue Feb 22, 2011 5:42 am

Re: Don't store or send password in the clear!

Postby frankacano » Thu Nov 24, 2011 7:34 pm

+1 here too.

New user needs to be optional.
Existing user should be NEVER!!!!

Agree with poster on financial password....

This is common sense. Please change ASAP.
frankacano
Trainee
Posts: 11
Joined: Wed Mar 16, 2011 6:56 am

Re: Don't store or send password in the clear!

Postby thisisnotbruce » Mon Feb 20, 2012 6:20 am

+1

This set off alarm bells in my head, too.
thisisnotbruce
I'm New!
Posts: 3
Joined: Thu Nov 24, 2011 9:13 pm

TEMPORARY WORKAROUND

Postby kirkireson » Sat Mar 10, 2012 4:46 pm

I have a simple workaround for now (thanks to http://forum.synology.com/enu/viewtopic.php?f=39&t=46805&p=178818 )

  1. As root, ssh into your box.
  2. cd /usr/syno/synoman/webman/texts/enu (go to this directory)
  3. cp mails mails.ORIG (make a backup)
  4. vi mails (edit the email template -- look on the web for more help in using vi editor)
  5. search and replace the text %PASSWD% (I found it twice) with whatever you want, like "****" or "[see admin]"
  6. save your edits in vi
Last edited by kirkireson on Mon Jul 09, 2012 2:38 pm, edited 2 times in total.
kirkireson
I'm New!
Posts: 1
Joined: Sat Mar 10, 2012 4:33 pm
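
The workaround above as a repeatable script (an added example, not kirkireson's or Synology's code): it backs up the template once, replaces every `%PASSWD%`, and refuses to install the result if a placeholder survives. The function names, default replacement text and demo template are assumptions; the path and token are the ones given in the post.

```sh
#!/bin/sh
# Scripted form of the workaround: back up a mail template and replace every
# %PASSWD% placeholder so notification mails no longer carry the password.
# On the NAS the post's target is /usr/syno/synoman/webman/texts/enu/mails.
# scrub_passwd_token and demo are hypothetical names used for this example.

scrub_passwd_token() {
    tmpl=$1
    repl=${2:-"[see admin]"}
    [ -f "$tmpl" ] || { echo "no such template: $tmpl" >&2; return 2; }

    # Count lines containing the token before touching anything.
    before=$(grep -c '%PASSWD%' "$tmpl" || true)
    [ "$before" -gt 0 ] || { echo "0"; return 0; }

    # Keep the first backup: never overwrite the pristine copy on a re-run.
    [ -e "$tmpl.ORIG" ] || cp -p "$tmpl" "$tmpl.ORIG" || return 1

    # Escape characters that are special on the right-hand side of sed s|||.
    esc=$(printf '%s' "$repl" | sed 's/[\\&|]/\\&/g')
    sed "s|%PASSWD%|$esc|g" "$tmpl" > "$tmpl.new" || return 1

    # Refuse to install the result if any placeholder survived.
    if grep -q '%PASSWD%' "$tmpl.new"; then
        rm -f "$tmpl.new"
        return 1
    fi
    cat "$tmpl.new" > "$tmpl" && rm -f "$tmpl.new"   # cat keeps owner and mode
    echo "$before"                                   # lines that were changed
}

# Demo on a constructed template in a temp dir (not the real DSM file).
demo() {
    d=$(mktemp -d) || return 1
    printf 'Account: example\nPassword: %%PASSWD%%\nYour password is %%PASSWD%%\n' > "$d/mails"
    scrub_passwd_token "$d/mails" '****' >/dev/null && cat "$d/mails"
    rm -rf "$d"
}
```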
