ID
VAR-E-201008-1157
TITLE
VxWorks Insecure Password Hashing Vulnerability
Trust: 0.3
DESCRIPTION
VxWorks is prone to a security vulnerability due to an insecure-hashing algorithm.
Successful exploits will allow remote attackers to perform brute-force attacks and obtain the password used for FTP and Telnet services.
The issue affects multiple products from multiple vendors that ship with the VxWorks operating system.
NOTE: This document previously covered two vulnerabilities in VxWorks. The remote security-bypass issue has been moved to BID 42158 (VxWorks Debugging Service Security-Bypass Vulnerability) to allow for better documentation of both issues.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | wind | model: | river systems vxworks | scope: | eq | version: | 0 | Trust: 0.3 |
EXPLOIT
Attackers can exploit this issue using readily available tools.
A Metasploit exploit module has been developed for this issue; reports indicate that it will be publicly available in September 2010.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
HD Moore
Trust: 0.3
EXTERNAL IDS
| db: | CERT/CC | id: | VU#840249 | Trust: 0.3 |
| db: | BID | id: | 42114 | Trust: 0.3 |
REFERENCES
| url: | http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html | Trust: 0.3 |
| url: | http://www.windriver.com/ | Trust: 0.3 |
| url: | http://www.kb.cert.org/vuls/id/840249 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 42114 |
LAST UPDATE DATE
2022-07-27T09:43:16.545000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 42114 | date: | 2010-08-05T19:46:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 42114 | date: | 2010-08-02T00:00:00 |