Notified: June 14, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 14, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 03, 2010 Updated: August 03, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 09, 2010
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 14, 2010 Updated: August 04, 2010
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 03, 2010 Updated: August 03, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 14, 2010 Updated: July 14, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 06, 2010
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 07, 2010 Updated: August 02, 2010
Statement Date: July 15, 2010
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Rockwell Automation has indicated that they are not affected by this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: April 29, 2011
Not Affected
Security Advisory Report - OBSO-1007-01 Wind River VxWorks: weak default hashing algorithm in standard authentication API (loginLib) Creation Date: 2010-07-22 Last Update: 2010-07-22 Summary Wind River has published a security advisory, which states, that the default hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. Vulnerability Details An attacker with a known username and access to a service (telnet, rlogin or FTP) that uses the standard authentication API (loginDefaultEncrypt (), part of loginLib) can brute force the password in a relatively short period of time. Since the hashing algorithm is susceptible to collisions, the actual password does not have to be found, just a string that produces the same hash. For instance, when the default 'target/password' login example is used, 'y{{{{{kS' hashes to the same string as 'password'. It is thus possible to login using both 'password' and 'y{{{{{kS' as the passwords for the user 'target'. Impact: Because an attacker can brute force a correct password by guessing a string that produces the same hash and access the relevant service as a known user. Applications such as rlogin, telnet, and FTP rely on loginLib for security, and can be used to gain access to the device. Affected Products No products from Siemens Enterprise Communications are affected. The following products include VxWorks as operating system, but none of them make use of the standard login library: HiPath 4000 HiPath 3000 (HG 1500) HiPath Wireless Convergence optiPoint 410/420 HFA/SIP RG 8700 Recommended Actions None. References https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709 Revision History 2010-07-22 Initial Release Contact and Disclaimer OpenScale Baseline Security Office obso@siemens-enterprise.com © Siemens Enterprise Communications GmbH & Co KG 2010 Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG The information provided in this document is subject to change without notice. Siemens Enterpise Communications GmbH & Co KG (SEN) assumes no responsibility for any errors that may appear in this document, and it does not affect your current support agreements with SEN. Any trademarks referenced in this document are the property of their respective owners. ---End Vendor Statement-----------------------------------------
The above information was provided by the vendor.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 03, 2010 Updated: August 02, 2010
Affected
Wind River has analyzed VU#840249, and determined that all versions of VxWorks that use the default hash algorithm (loginDefaultEncrypt) in loginLib can be vulnerable. VxWorks has a very strong track record of offering secure products and Wind River is committed to active threat monitoring, rapid assessment, threat prioritization, expedited remediation, response and proactive customer contact. Customers are encouraged to follow one of the remediation actions outlined in the SOLUTION section of the vulnerability post. When released, VxWorks 6.9 will further strengthen the default hash algorithm. Registered users can access Wind River's online support for more information by following the link below. Registered users will also find patches to remove the 80 characters limitation for encrypted password string length on VxWorks versions 5.5.1 through 6.4. https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709 Or contact Wind River technical support for more information: http://windriver.com/support/
We are not aware of further vendor information regarding this vulnerability.
Notified: June 29, 2010 Updated: August 04, 2010
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.