My Cloud Firmware Version 5.15.106
WDC Tracking Number: WDC-21009
Published: July 13, 2021
Last Updated: July 13, 2021
Description
My Cloud devices were using weak 1024-bit DSA keys that could allow the device to be impersonated. This could lead to credential theft, which might eventually cause a device compromise. However, since RSA keys are the default for modern SSH clients, the impact of this vulnerability is limited to older SSH clients or if an attacker blocks a client from using RSA keys. My Cloud Firmware 5.15.106 contains updates to harden the SSH configuration and improve the security of your My Cloud devices.
For more information on the latest security updates, see the release notes: https://os5releasenotes.mycloud.com/#/
Advisory Summary
Addressed a vulnerability in the My Cloud SSH configuration which could indirectly lead to a device compromise. The vulnerability was addressed by removing the weak DSA keys and hardening the SSH configuration.
CVE Number: CVE-2015-4000
Reported by: Keanu Dölle