Vulnerability Description
The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Windriver | Vxworks | <= 6.8 |
Related Weaknesses (CWE)
References
- http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html
- http://www.kb.cert.org/vuls/id/840249US Government Resource
- http://www.kb.cert.org/vuls/id/MAPG-863QH9
- https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?c
- http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html
- http://www.kb.cert.org/vuls/id/840249US Government Resource
- http://www.kb.cert.org/vuls/id/MAPG-863QH9
- https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?c
FAQ
What is CVE-2010-2967?
CVE-2010-2967 is a vulnerability with a CVSS score of 7.8 (HIGH). The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtai...
How severe is CVE-2010-2967?
CVE-2010-2967 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2967?
Check the references section above for vendor advisories and patch information. Affected products include: Windriver Vxworks.