WD Discovery, Cross Site Request Forgery (CSRF)


WDC Tracking Number: WDC-20004
Product Line/Web:  My Cloud Home
Published: April 27, 2020

Last Updated: April 27, 2020

Description

The WD Discovery application for My Cloud Home on Mac and Windows was vulnerable to CSRF attacks on an internal interface. This vulnerability could allow an attacker to initiate a synchronization operation between local folders and a chosen remote server.

Product Impact
Last Updated
WD Discovery for Mac
April 27, 2020
WD Discovery for Windows
April 27, 2020

Advisory Summary

A component of WD Discovery was vulnerable to a CSRF attack that could allow a malicious website to initiate synchronization operations. This vulnerability was addressed by using CSRF tokens with every request.

CVE Number: CVE-2020-12427