Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2010-2967 (GCVE-0-2010-2967)
Vulnerability from cvelistv5 – Published: 2010-08-04 21:00 – Updated: 2024-09-16 16:57
VLAI?
EPSS
Summary
The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:45.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709"
},
{
"name": "VU#840249",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/840249"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-863QH9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-08-04T21:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709"
},
{
"name": "VU#840249",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/840249"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-863QH9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709",
"refsource": "CONFIRM",
"url": "https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709"
},
{
"name": "VU#840249",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/840249"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-863QH9",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-863QH9"
},
{
"name": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html",
"refsource": "MISC",
"url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2967",
"datePublished": "2010-08-04T21:00:00.000Z",
"dateReserved": "2010-08-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:57:53.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2010-2967",
"date": "2026-04-17",
"epss": "0.0156",
"percentile": "0.81518"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2010-2967\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-08-05T13:22:29.857\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.\"},{\"lang\":\"es\",\"value\":\"El algoritmo loginDefaultEncrypt en loginLib en Wind River VxWorks anterior v6.9 no soporta adecuadamente un amplio conjunto de distintas posibilidades de contrase\u00f1a, lo que hace f\u00e1cil para atacantes remotos obtner acceso a trav\u00e9s de una sesi\u00f3n (1) telnet, (2) rlogin, o (3) FTP.\\r\\n\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:N/A:N\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.8\",\"matchCriteriaId\":\"8EB179D9-BA84-4DEA-88DF-AC3D0DE76EE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F69B80D9-E6A6-4761-9EE3-3EF5E55EFA8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE3680A0-7B0C-4E91-97D7-B3F33EE1569A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91724364-0D8C-4FC2-9AA6-1ADCEDE86DE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F452ABB-0174-4EC5-A82B-9D1164EBB163\"}]}]}],\"references\":[{\"url\":\"http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/840249\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/MAPG-863QH9\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/840249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/MAPG-863QH9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GSD-2010-2967
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2010-2967",
"description": "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.",
"id": "GSD-2010-2967"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2010-2967"
],
"details": "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.",
"id": "GSD-2010-2967",
"modified": "2023-12-13T01:21:30.909965Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709",
"refsource": "CONFIRM",
"url": "https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709"
},
{
"name": "VU#840249",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/840249"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-863QH9",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-863QH9"
},
{
"name": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html",
"refsource": "MISC",
"url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2967"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-863QH9",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.kb.cert.org/vuls/id/MAPG-863QH9"
},
{
"name": "https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709"
},
{
"name": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html",
"refsource": "MISC",
"tags": [],
"url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
},
{
"name": "VU#840249",
"refsource": "CERT-VN",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/840249"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2010-08-05T13:22Z",
"publishedDate": "2010-08-05T13:22Z"
}
}
}
FKIE_CVE-2010-2967
Vulnerability from fkie_nvd - Published: 2010-08-05 13:22 - Updated: 2025-04-11 00:51
Severity ?
Summary
The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB179D9-BA84-4DEA-88DF-AC3D0DE76EE1",
"versionEndIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*",
"matchCriteriaId": "F69B80D9-E6A6-4761-9EE3-3EF5E55EFA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3680A0-7B0C-4E91-97D7-B3F33EE1569A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:windriver:vxworks:6:*:*:*:*:*:*:*",
"matchCriteriaId": "91724364-0D8C-4FC2-9AA6-1ADCEDE86DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:windriver:vxworks:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1F452ABB-0174-4EC5-A82B-9D1164EBB163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session."
},
{
"lang": "es",
"value": "El algoritmo loginDefaultEncrypt en loginLib en Wind River VxWorks anterior v6.9 no soporta adecuadamente un amplio conjunto de distintas posibilidades de contrase\u00f1a, lo que hace f\u00e1cil para atacantes remotos obtner acceso a trav\u00e9s de una sesi\u00f3n (1) telnet, (2) rlogin, o (3) FTP.\r\n\r\n"
}
],
"id": "CVE-2010-2967",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-08-05T13:22:29.857",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/840249"
},
{
"source": "cve@mitre.org",
"url": "http://www.kb.cert.org/vuls/id/MAPG-863QH9"
},
{
"source": "cve@mitre.org",
"url": "https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/840249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kb.cert.org/vuls/id/MAPG-863QH9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-6F67-XH36-3Q73
Vulnerability from github – Published: 2022-05-17 05:49 – Updated: 2022-05-17 05:49
VLAI?
Details
The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.
{
"affected": [],
"aliases": [
"CVE-2010-2967"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-08-05T13:22:00Z",
"severity": "HIGH"
},
"details": "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.",
"id": "GHSA-6f67-xh36-3q73",
"modified": "2022-05-17T05:49:23Z",
"published": "2022-05-17T05:49:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2967"
},
{
"type": "WEB",
"url": "https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709"
},
{
"type": "WEB",
"url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/840249"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/MAPG-863QH9"
}
],
"schema_version": "1.4.0",
"severity": []
}
VAR-201008-1004
Vulnerability from variot - Updated: 2026-03-09 20:16The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Some products based on VxWorks have the WDB target agent debug service enabled by default. This service provides read/write access to the device's memory and allows functions to be called. The VxWorks WDB target agent is a target-resident, run-time facility that is required for connecting host tools to a VxWorks target system during development. WDB is a selectable component in the VxWorks configuration and is enabled by default. The WDB debug agent access is not secured and does provide a security hole in a deployed system. It is advisable for production systems to reconfigure VxWorks with only those components needed for deployed operation and to build it as the appropriate type of system image. It is recommended to remove host development components such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG) as well as other operating system components that are not required to support customer applications. Consult the VxWorks Kernel Programmer's guide for more information on WDB.Additional information can be found in ICS-CERT advisory ICSA-10-214-01 and on the Metasploit Blog. An attacker can use the debug service to fully compromise the device. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. For example, when logging in with the default 'target/password', 'y{{{{{SS' will HASH out the same result as 'password'. So you can use 'password' and 'y{{{{{SS' as the password to log in. Vendor affected: TP-Link (http://tp-link.com)
Products affected: * All TP-Link VxWorks-based devices (confirmed by vendor) * All "2-series" switches (confirmed by vendor) * TL-SG2008 semi-managed switch (confirmed by vendor) * TL-SG2216 semi-managed switch (confirmed by vendor) * TL-SG2424 semi-managed switch (confirmed by vendor) * TL-SG2424P semi-managed switch (confirmed by vendor) * TL-SG2452 semi-managed switch (confirmed by vendor)
Vulnerabilities: * All previously-reported VxWorks vulnerabilities from 6.6.0 on; at the very least: * CVE-2013-0716 (confirmed by vendor) * CVE-2013-0715 (confirmed by vendor) * CVE-2013-0714 (confirmed by vendor) * CVE-2013-0713 (confirmed by vendor) * CVE-2013-0712 (confirmed by vendor) * CVE-2013-0711 (confirmed by vendor) * CVE-2010-2967 (confirmed by vendor) * CVE-2010-2966 (confirmed by vendor) * CVE-2008-2476 (confirmed by vendor) * SSLv2 is available and cannot be disabled unless HTTPS is completely disabled (allows downgrade attacks) (confirmed by vendor) * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot be disabled (allows downgrade attacks) (confirmed by vendor)
Design flaws: * Telnet is available and cannot be disabled (confirmed by vendor) * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)
Vendor response: TP-Link are not convinced that these flaws should be repaired.
TP-Link's Internet presence -- or at least DNS -- is available only intermittently. Most emails bounced. Lost contact with vendor, but did confirm that development lead is now on holiday and will not return for at least a week.
Initial vendor reaction was to recommend purchase of "3-series" switches. Vendor did not offer reasons why "3-series" switches would be more secure, apart from lack of telnet service. Vendor confirmed that no development time can be allocated to securing "2-series" product and all focus has shifted to newer products.
(TL-SG2008 first product availability July 2014...)
Vendor deeply confused about security of DES/3DES, MD5, claimed that all security is relative. ("...[E]ven SHA-1 can be cracked, they just have different security level.")
Fix availability: None.
Work-arounds advised: None possible. Remove products from network. R7-0034: VxWorks WDB Agent Debug Service Exposure August 2, 2010
-- Rapid7 Customer Protection: Rapid7 NeXpose customers have access to a vulnerability check for this flaw as of the latest update. More information about this check can be found online at:
http://www.rapid7.com/vulndb/lookup/vxworks-wdbrpc-exposed
-- Vulnerability Details: This vulnerability allows remote attackers to read memory, write memory, execute code, and ultimately take complete control of the affected device. This issue affects over 100 different vendors and a multitude of products, both shipping and end-of-life. A spreadsheet of identified products affected by this flaw can be found at the URL below. This index is not comprehensive and not all devices found are still supported.
http://www.metasploit.com/data/confs/bsideslv2010/VxWorksDevices.xls
This flaw occurs due to an insecure setting in the configuration file of the manufacturer's source code. This setting results in a system- debug service being exposed on UDP port 17185. More information about this issue can be found at the Metasploit blog:
http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html
-- Vendor Response: Wind River Systems has notified their customers of the issue and indicated that the WDB agent should be disabled for production builds. CERT has notified every vendor with an identified, shipping product containing this vulnerability. Responses for each specific vendor can be found in the CERT advisory:
http://www.kb.cert.org/vuls/id/362332
-- Disclosure Timeline: 2010-06-02 - Vulnerability reported to CERT for vendor notification 2010-08-02 - Coordinated public release of advisory
-- Credit: This vulnerability had been discovered in specific devices in multiple instances, first by Bennett Todd in 2002 and then Shawn Merdinger in 2005. A comprehensive analysis of all affected devices was conducted by HD Moore in 2010.
-- About Rapid7 Security Rapid7 provides vulnerability management, compliance and penetration testing solutions for Web application, network and database security. In addition to developing the NeXpose Vulnerability Management system, Rapid7 manages the Metasploit Project and is the primary sponsor of the W3AF web assessment tool.
Our vulnerability disclosure policy is available online at:
http://www.rapid7.com/disclosure.jsp
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "5.5"
},
{
"_id": null,
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "5"
},
{
"_id": null,
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6.4"
},
{
"_id": null,
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6"
},
{
"_id": null,
"model": "vxworks",
"scope": "lte",
"trust": 1.0,
"vendor": "windriver",
"version": "6.8"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ericsson",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wind river",
"version": null
},
{
"_id": null,
"model": "vxworks",
"scope": "lt",
"trust": 0.8,
"vendor": "wind river",
"version": "6.9"
},
{
"_id": null,
"model": "river systems vxworks through",
"scope": "eq",
"trust": 0.6,
"vendor": "wind",
"version": "6.56.9"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"_id": null,
"model": "vxworks",
"scope": "eq",
"trust": 0.6,
"vendor": "windriver",
"version": "6.8"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "5"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "5.5"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "6"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "6.4"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNVD",
"id": "CNVD-2010-1489"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "NVD",
"id": "CVE-2010-2967"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:windriver:vxworks",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
}
]
},
"credits": {
"_id": null,
"data": "Thanks to HD Moore for reporting a wider scope with additional research related to this vulnerability. Earlier public reports came from Bennett Todd and Shawn Merdinger. This document was written by Jared Allar. ",
"sources": [
{
"db": "CERT/CC",
"id": "VU#362332"
}
],
"trust": 0.8
},
"cve": "CVE-2010-2967",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-2967",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 9.5,
"exploitability": "HIGH",
"exploitabilityScore": 10.0,
"id": "CVE-2010-2965",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "HIGH",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 9.5,
"exploitability": "HIGH",
"exploitabilityScore": 10.0,
"id": "VU#840249",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2010-3889",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "0183e958-2356-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7d753cb1-463f-11e9-876d-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-2967",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-2965",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#840249",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-2967",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2010-3889",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201008-031",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#362332"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "NVD",
"id": "CVE-2010-2967"
}
]
},
"description": {
"_id": null,
"data": "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Some products based on VxWorks have the WDB target agent debug service enabled by default. This service provides read/write access to the device\u0027s memory and allows functions to be called. The VxWorks WDB target agent is a target-resident, run-time facility that is required for connecting host tools to a VxWorks target system during development. WDB is a selectable component in the VxWorks configuration and is enabled by default. The WDB debug agent access is not secured and does provide a security hole in a deployed system. It is advisable for production systems to reconfigure VxWorks with only those components needed for deployed operation and to build it as the appropriate type of system image. It is recommended to remove host development components such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG) as well as other operating system components that are not required to support customer applications. Consult the VxWorks Kernel Programmer\u0027s guide for more information on WDB.Additional information can be found in ICS-CERT advisory ICSA-10-214-01 and on the Metasploit Blog. An attacker can use the debug service to fully compromise the device. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. For example, when logging in with the default \u0027target/password\u0027, \u0027y{{{{{SS\u0027 will HASH out the same result as \u0027password\u0027. So you can use \u0027password\u0027 and \u0027y{{{{{SS\u0027 as the password to log in. Vendor affected: TP-Link (http://tp-link.com)\n\nProducts affected:\n * All TP-Link VxWorks-based devices (confirmed by vendor)\n * All \"2-series\" switches (confirmed by vendor)\n * TL-SG2008 semi-managed switch (confirmed by vendor)\n * TL-SG2216 semi-managed switch (confirmed by vendor)\n * TL-SG2424 semi-managed switch (confirmed by vendor)\n * TL-SG2424P semi-managed switch (confirmed by vendor)\n * TL-SG2452 semi-managed switch (confirmed by vendor)\n\nVulnerabilities:\n * All previously-reported VxWorks vulnerabilities from 6.6.0 on;\n at the very least:\n * CVE-2013-0716 (confirmed by vendor)\n * CVE-2013-0715 (confirmed by vendor)\n * CVE-2013-0714 (confirmed by vendor)\n * CVE-2013-0713 (confirmed by vendor)\n * CVE-2013-0712 (confirmed by vendor)\n * CVE-2013-0711 (confirmed by vendor)\n * CVE-2010-2967 (confirmed by vendor)\n * CVE-2010-2966 (confirmed by vendor)\n * CVE-2008-2476 (confirmed by vendor)\n * SSLv2 is available and cannot be disabled unless HTTPS is\n completely disabled (allows downgrade attacks)\n (confirmed by vendor)\n * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot\n be disabled (allows downgrade attacks)\n (confirmed by vendor)\n\nDesign flaws:\n * Telnet is available and cannot be disabled (confirmed by vendor)\n * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)\n\nVendor response:\n TP-Link are not convinced that these flaws should be repaired. \n\n TP-Link\u0027s Internet presence -- or at least DNS -- is available only\n intermittently. Most emails bounced. Lost contact with vendor, but\n did confirm that development lead is now on holiday and will not\n return for at least a week. \n\n Initial vendor reaction was to recommend purchase of \"3-series\"\n switches. Vendor did not offer reasons why \"3-series\" switches would\n be more secure, apart from lack of telnet service. Vendor confirmed\n that no development time can be allocated to securing \"2-series\"\n product and all focus has shifted to newer products. \n\n (TL-SG2008 first product availability July 2014...)\n\n Vendor deeply confused about security of DES/3DES, MD5, claimed that\n all security is relative. (\"...[E]ven SHA-1 can be cracked, they just\n have different security level.\")\n\nFix availability:\n None. \n\nWork-arounds advised:\n None possible. Remove products from network. R7-0034: VxWorks WDB Agent Debug Service Exposure\nAugust 2, 2010\n\n-- Rapid7 Customer Protection:\nRapid7 NeXpose customers have access to a vulnerability check for this\nflaw as of the latest update. More information about this check can be\nfound online at:\n\n http://www.rapid7.com/vulndb/lookup/vxworks-wdbrpc-exposed\n\n-- Vulnerability Details:\nThis vulnerability allows remote attackers to read memory, write memory,\nexecute code, and ultimately take complete control of the affected\ndevice. This issue affects over 100 different vendors and a multitude of\nproducts, both shipping and end-of-life. A spreadsheet of identified\nproducts affected by this flaw can be found at the URL below. This index\nis not comprehensive and not all devices found are still supported. \n\n http://www.metasploit.com/data/confs/bsideslv2010/VxWorksDevices.xls\n\nThis flaw occurs due to an insecure setting in the configuration file of\nthe manufacturer\u0027s source code. This setting results in a system- debug\nservice being exposed on UDP port 17185. More information about this issue can be found\nat the Metasploit blog:\n\n http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html\n\n-- Vendor Response:\nWind River Systems has notified their customers of the issue and\nindicated that the WDB agent should be disabled for production builds. \nCERT has notified every vendor with an identified, shipping product\ncontaining this vulnerability. Responses for each specific vendor can be\nfound in the CERT advisory:\n\n http://www.kb.cert.org/vuls/id/362332\n\n-- Disclosure Timeline:\n2010-06-02 - Vulnerability reported to CERT for vendor notification\n2010-08-02 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability had been discovered in specific devices in multiple\ninstances, first by Bennett Todd in 2002 and then Shawn Merdinger in\n2005. A comprehensive analysis of all affected devices was conducted by\nHD Moore in 2010. \n\n-- About Rapid7 Security\nRapid7 provides vulnerability management, compliance and penetration\ntesting solutions for Web application, network and database security. In\naddition to developing the NeXpose Vulnerability Management system,\nRapid7 manages the Metasploit Project and is the primary sponsor of the\nW3AF web assessment tool. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.rapid7.com/disclosure.jsp\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "CERT/CC",
"id": "VU#362332"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNVD",
"id": "CNVD-2010-1489"
},
{
"db": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "PACKETSTORM",
"id": "128512"
},
{
"db": "PACKETSTORM",
"id": "92448"
}
],
"trust": 5.04
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/362332",
"trust": 0.8,
"type": "unknown"
},
{
"reference": "https://www.kb.cert.org/vuls/id/840249",
"trust": 0.8,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#362332"
},
{
"db": "CERT/CC",
"id": "VU#840249"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2010-2967",
"trust": 3.5
},
{
"db": "CERT/CC",
"id": "VU#840249",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-10-214-01",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#362332",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2010-1489",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2010-3889",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614",
"trust": 0.8
},
{
"db": "BID",
"id": "42114",
"trust": 0.6
},
{
"db": "IVD",
"id": "BAB59964-1FB2-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "0183E958-2356-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D72F2C0-463F-11E9-98F5-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D753CB1-463F-11E9-876D-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128512",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92448",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#362332"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNVD",
"id": "CNVD-2010-1489"
},
{
"db": "PACKETSTORM",
"id": "128512"
},
{
"db": "PACKETSTORM",
"id": "92448"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "NVD",
"id": "CVE-2010-2967"
}
]
},
"id": "VAR-201008-1004",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNVD",
"id": "CNVD-2010-1489"
}
],
"trust": 2.50988144
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.4
},
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNVD",
"id": "CNVD-2010-1489"
}
]
},
"last_update_date": "2026-03-09T20:16:07.120000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.windriver.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "NVD",
"id": "CVE-2010-2967"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "https://support.windriver.com/olsportal/faces/maintenance/downloaddetails.jspx?contentid=033709"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/840249"
},
{
"trust": 2.3,
"url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
},
{
"trust": 1.6,
"url": "https://community.rapid7.com/community/metasploit/blog/2010/08/02/shiny-old-vxworks-vulnerabilities"
},
{
"trust": 1.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-214-01_vxworks_vulnerabilities.pdf"
},
{
"trust": 1.6,
"url": "http://blogs.windriver.com/chauhan/2010/08/vxworks-secure.html"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/mapg-863qh9"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml"
},
{
"trust": 0.8,
"url": "http://seclists.org/vuln-dev/2002/may/179"
},
{
"trust": 0.8,
"url": "https://support.windriver.com/olsportal/faces/maintenance/downloaddetails.jspx?contentid=033708"
},
{
"trust": 0.8,
"url": "http://thesauceofutterpwnage.blogspot.com/2010/08/metasploit-vxworks-wdb-agent-attack.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/215.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/505.html"
},
{
"trust": 0.8,
"url": "http://newsoft-tech.blogspot.com/2010/09/follow-up-on-vxworks-issue.html"
},
{
"trust": 0.8,
"url": "http://cvk.posterous.com/how-to-crack-vxworks-password-hashes"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/916.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2967"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2967"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/362332http"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2966"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0713"
},
{
"trust": 0.1,
"url": "http://tp-link.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2967"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0711"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0714"
},
{
"trust": 0.1,
"url": "http://www.rapid7.com/disclosure.jsp"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/362332"
},
{
"trust": 0.1,
"url": "http://www.rapid7.com/vulndb/lookup/vxworks-wdbrpc-exposed"
},
{
"trust": 0.1,
"url": "http://www.metasploit.com/data/confs/bsideslv2010/vxworksdevices.xls"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#362332"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNVD",
"id": "CNVD-2010-1489"
},
{
"db": "PACKETSTORM",
"id": "128512"
},
{
"db": "PACKETSTORM",
"id": "92448"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "NVD",
"id": "CVE-2010-2967"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
"ident": null
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#362332",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#840249",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2010-3889",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2010-1489",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128512",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "92448",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2010-2967",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2010-08-03T00:00:00",
"db": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2010-08-05T00:00:00",
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2010-08-03T00:00:00",
"db": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
"ident": null
},
{
"date": "2010-08-05T00:00:00",
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1",
"ident": null
},
{
"date": "2010-08-02T00:00:00",
"db": "CERT/CC",
"id": "VU#362332",
"ident": null
},
{
"date": "2010-08-02T00:00:00",
"db": "CERT/CC",
"id": "VU#840249",
"ident": null
},
{
"date": "2010-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3889",
"ident": null
},
{
"date": "2010-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1489",
"ident": null
},
{
"date": "2014-10-01T10:11:11",
"db": "PACKETSTORM",
"id": "128512",
"ident": null
},
{
"date": "2010-08-03T17:02:02",
"db": "PACKETSTORM",
"id": "92448",
"ident": null
},
{
"date": "2010-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-031",
"ident": null
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005614",
"ident": null
},
{
"date": "2010-08-05T13:22:29.857000",
"db": "NVD",
"id": "CVE-2010-2967",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-09-02T00:00:00",
"db": "CERT/CC",
"id": "VU#362332",
"ident": null
},
{
"date": "2014-06-02T00:00:00",
"db": "CERT/CC",
"id": "VU#840249",
"ident": null
},
{
"date": "2010-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3889",
"ident": null
},
{
"date": "2010-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1489",
"ident": null
},
{
"date": "2010-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-031",
"ident": null
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005614",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-2967",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Wind River VxWorks loginDefaultEncrypt Algorithm encryption problem vulnerability",
"sources": [
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
}
],
"trust": 1.6
},
"type": {
"_id": null,
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
}
],
"trust": 0.6
}
}
VAR-201008-0272
Vulnerability from variot - Updated: 2021-12-18 15:57The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. It is relatively easy to find a string that has the same hash value as a regular password.Authentication by attacker API (loginLib) May be used to access services using. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. VxWorks is prone to a security vulnerability due to an insecure-hashing algorithm. The issue affects multiple products from multiple vendors that ship with the VxWorks operating system. NOTE: This document previously covered two vulnerabilities in VxWorks. The remote security-bypass issue has been moved to BID 42158 (VxWorks Debugging Service Security-Bypass Vulnerability) to allow for better documentation of both issues. This flaw occurs due to an insecure password hashing implementation in the authentication library (loginLib) of the VxWorks operating system. Regardless of what password is set for a particular account, there are a only small number (~210k) of possible hash outputs. Typical passwords consisting of alphanumeric characters and symbols fall within an even smaller range of hash outputs (~8k), making this trivial to brute force over the network. To excaberate matters, loginLib has no support for account lockouts and the FTP daemon does not disconnect clients that consistently fail to authenticate. This reduces the brute force time for the FTP service to approximately 30 minutes.
To demonstrate the hash weakness, the password of "insecure" hashes to the value "Ry99dzRcy9". The password of "s{{{{{^O" also hashes to the same output. The hashing algorithm itself is based on an additive sum with a small XOR operation. The resulting sums are then transformed to a printable string, but the range of possible intermediate values is limited and mostly sequential. The entire collision table has been precomputed and will be released in early September as an input file for common brute force tools. More information about the hashing algorithm itself is available at the Metasploit blog post below:
http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html
There are three requirements for this vulnerability to be exploited:
-
The device must be running at least one service that uses loginLib for authentication. Telnet and FTP do so by default.
-
A valid username must be known to the attacker. This is usually easy to determine through product manuals or a cursory review of the firmware binaries.
-
The target service must be using with default loginLib library and must not have changed the authentication function to point to a custom backend.
A typical VxWorks device will meet all three requirements by default, but customization by the device manufacturer may preclude this from being exploited. In general, if the device displays a VxWorks banner for Telnet or FTP, it is more than likely vulnerable.
-- Vendor Response: Wind River Systems has notified their customers of the issue and suggested that each downstream vendor replace the existing hash implementation with SHA512 or SHA256. The exact extent of the vulnerability and the complete list of affected devices is not known at this time. Example code from Wind River Systems has been supplied to CERT and is included in the advisory below:
http://www.kb.cert.org/vuls/id/840249
-- Disclosure Timeline: 2009-06-02 - Vulnerability reported to CERT for vendor notification 2009-08-02 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by HD Moore
-- About Rapid7 Security Rapid7 provides vulnerability management, compliance and penetration testing solutions for Web application, network and database security. In addition to developing the NeXpose Vulnerability Management system, Rapid7 manages the Metasploit Project and is the primary sponsor of the W3AF web assessment tool.
Our vulnerability disclosure policy is available online at:
http://www.rapid7.com/disclosure.jsp
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201008-0272",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6.4"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "5.5"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "5"
},
{
"model": "vxworks",
"scope": "lte",
"trust": 1.0,
"vendor": "windriver",
"version": "6.8"
},
{
"model": "vxworks",
"scope": "lt",
"trust": 0.8,
"vendor": "wind river",
"version": "6.9"
},
{
"model": "vxworks",
"scope": null,
"trust": 0.8,
"vendor": "wind river",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ericsson",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wind river",
"version": null
},
{
"model": "vxworks",
"scope": "eq",
"trust": 0.6,
"vendor": "windriver",
"version": "6.8"
},
{
"model": "river systems vxworks through",
"scope": "eq",
"trust": 0.6,
"vendor": "wind",
"version": "6.56.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "6.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "*"
},
{
"model": "river systems vxworks",
"scope": "eq",
"trust": 0.3,
"vendor": "wind",
"version": "0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001882"
},
{
"db": "BID",
"id": "42114"
},
{
"db": "CERT/CC",
"id": "VU#840249"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HD Moore",
"sources": [
{
"db": "BID",
"id": "42114"
}
],
"trust": 0.3
},
"cve": "CVE-2010-2967",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/severity#"
},
"@id": "https://www.variotdbs.pl/ref/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-2967",
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.8,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 9.5,
"exploitability": "HIGH",
"exploitabilityScore": 10.0,
"id": "VU#840249",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2010-3889",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "0183e958-2356-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7d753cb1-463f-11e9-876d-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VH-CVE-2010-2967",
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-2967",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#840249",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201008-031",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2010-3889",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VUL-HUB",
"id": "VH-CVE-2010-2967",
"trust": 0.1,
"value": "High risk"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. It is relatively easy to find a string that has the same hash value as a regular password.Authentication by attacker API (loginLib) May be used to access services using. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. VxWorks is prone to a security vulnerability due to an insecure-hashing algorithm. \nThe issue affects multiple products from multiple vendors that ship with the VxWorks operating system. \nNOTE: This document previously covered two vulnerabilities in VxWorks. The remote security-bypass issue has been moved to BID 42158 (VxWorks Debugging Service Security-Bypass Vulnerability) to allow for better documentation of both issues. \nThis flaw occurs due to an insecure password hashing implementation in\nthe authentication library (loginLib) of the VxWorks operating system. \nRegardless of what password is set for a particular account, there are a\nonly small number (~210k) of possible hash outputs. Typical passwords\nconsisting of alphanumeric characters and symbols fall within an even\nsmaller range of hash outputs (~8k), making this trivial to brute force\nover the network. To excaberate matters, loginLib has no support for\naccount lockouts and the FTP daemon does not disconnect clients that\nconsistently fail to authenticate. This reduces the brute force time for\nthe FTP service to approximately 30 minutes. \n\nTo demonstrate the hash weakness, the password of \"insecure\" hashes to\nthe value \"Ry99dzRcy9\". The password of \"s{{{{{^O\" also hashes to the\nsame output. The hashing algorithm itself is based on an additive sum\nwith a small XOR operation. The resulting sums are then transformed to a\nprintable string, but the range of possible intermediate values is\nlimited and mostly sequential. The entire collision table has been\nprecomputed and will be released in early September as an input file for\ncommon brute force tools. More information about the hashing algorithm\nitself is available at the Metasploit blog post below:\n\n http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html\n\nThere are three requirements for this vulnerability to be exploited:\n\n * The device must be running at least one service that uses loginLib\nfor authentication. Telnet and FTP do so by default. \n\n * A valid username must be known to the attacker. This is usually easy\nto determine through product manuals or a cursory review of the firmware\nbinaries. \n\n * The target service must be using with default loginLib library and\nmust not have changed the authentication function to point to a custom\nbackend. \n\nA typical VxWorks device will meet all three requirements by default,\nbut customization by the device manufacturer may preclude this from\nbeing exploited. In general, if the device displays a VxWorks banner for\nTelnet or FTP, it is more than likely vulnerable. \n\n-- Vendor Response:\nWind River Systems has notified their customers of the issue and\nsuggested that each downstream vendor replace the existing hash\nimplementation with SHA512 or SHA256. The exact extent of the\nvulnerability and the complete list of affected devices is not known at\nthis time. Example code from Wind River Systems has been supplied to\nCERT and is included in the advisory below:\n\n http://www.kb.cert.org/vuls/id/840249\n\n-- Disclosure Timeline:\n2009-06-02 - Vulnerability reported to CERT for vendor notification\n2009-08-02 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by HD Moore\n\n-- About Rapid7 Security\nRapid7 provides vulnerability management, compliance and penetration\ntesting solutions for Web application, network and database security. In\naddition to developing the NeXpose Vulnerability Management system,\nRapid7 manages the Metasploit Project and is the primary sponsor of the\nW3AF web assessment tool. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.rapid7.com/disclosure.jsp\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001882"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "BID",
"id": "42114"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
},
{
"db": "PACKETSTORM",
"id": "92449"
}
],
"trust": 4.41
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#840249",
"trust": 4.4
},
{
"db": "NVD",
"id": "CVE-2010-2967",
"trust": 3.5
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2010-3889",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001882",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-10-214-01",
"trust": 0.8
},
{
"db": "BID",
"id": "42114",
"trust": 0.3
},
{
"db": "IVD",
"id": "0183E958-2356-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D753CB1-463F-11E9-876D-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VH-CVE-2010-2967",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92449",
"trust": 0.1
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001882"
},
{
"db": "BID",
"id": "42114"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
},
{
"db": "PACKETSTORM",
"id": "92449"
}
]
},
"id": "VAR-201008-0272",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
}
],
"trust": 1.7928571500000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
}
]
},
"last_update_date": "2021-12-18T15:57:33.115000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.windriver.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://windriver.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001882"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.kb.cert.org/vuls/id/840249"
},
{
"trust": 2.6,
"url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/mapg-863qh9"
},
{
"trust": 2.4,
"url": "https://support.windriver.com/olsportal/faces/maintenance/downloaddetails.jspx?contentid=033709"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2967"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2967"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu840249"
},
{
"trust": 0.8,
"url": "https://community.rapid7.com/community/metasploit/blog/2010/08/02/shiny-old-vxworks-vulnerabilities"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-214-01_vxworks_vulnerabilities.pdf"
},
{
"trust": 0.8,
"url": "http://blogs.windriver.com/chauhan/2010/08/vxworks-secure.html"
},
{
"trust": 0.8,
"url": "http://newsoft-tech.blogspot.com/2010/09/follow-up-on-vxworks-issue.html"
},
{
"trust": 0.8,
"url": "http://cvk.posterous.com/how-to-crack-vxworks-password-hashes"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/916.html"
},
{
"trust": 0.3,
"url": "http://www.windriver.com/"
},
{
"trust": 0.3,
"url": "/archive/1/512827"
},
{
"trust": 0.3,
"url": "/archive/1/512842"
},
{
"trust": 0.1,
"url": "http://www.rapid7.com/disclosure.jsp"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001882"
},
{
"db": "BID",
"id": "42114"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "PACKETSTORM",
"id": "92449"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001882"
},
{
"db": "BID",
"id": "42114"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
},
{
"db": "PACKETSTORM",
"id": "92449"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-05T13:22:00",
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"date": "2010-08-05T00:00:00",
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"date": "2010-08-05T00:00:00",
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"date": "2010-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"date": "2010-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"date": "2010-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001882"
},
{
"date": "2010-08-02T00:00:00",
"db": "BID",
"id": "42114"
},
{
"date": "2010-08-02T00:00:00",
"db": "CERT/CC",
"id": "VU#840249"
},
{
"date": "2010-08-04T00:00:00",
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
},
{
"date": "2010-08-03T18:01:12",
"db": "PACKETSTORM",
"id": "92449"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-05T13:22:00",
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"date": null,
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"date": null,
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"date": "2010-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"date": "2010-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"date": "2010-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001882"
},
{
"date": "2010-08-05T19:46:00",
"db": "BID",
"id": "42114"
},
{
"date": "2014-06-02T00:00:00",
"db": "CERT/CC",
"id": "VU#840249"
},
{
"date": "2020-11-04T00:00:00",
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
},
{
"date": null,
"db": "PACKETSTORM",
"id": "92449"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wind River VxWorks loginDefaultEncrypt Algorithm encryption problem vulnerability",
"sources": [
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
}
],
"trust": 0.6
}
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…