Siemens Information for VU#840249

Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)

Status

Not Affected

Vendor Statement

Security Advisory Report - OBSO-1007-01

Wind River VxWorks: weak default hashing algorithm in standard authentication API (loginLib)

Creation Date: 2010-07-22
Last Update: 2010-07-22

Summary
Wind River has published a security advisory, which states, that the default hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password.

Vulnerability Details
An attacker with a known username and access to a service (telnet, rlogin or FTP) that uses the standard authentication API (loginDefaultEncrypt (), part of loginLib) can brute force the password in a relatively short period of time. Since the hashing algorithm is susceptible to collisions, the actual password does not have to be found, just a string that produces the same hash. For instance, when the default 'target/password' login example is used, 'y{{{{{kS' hashes to the same string as 'password'. It is thus possible to login using both 'password' and 'y{{{{{kS' as the passwords for the user 'target'.

Impact:
Because an attacker can brute force a correct password by guessing a string that produces the same hash and access the relevant service as a known user. Applications such as rlogin, telnet, and FTP rely on loginLib for security, and can be used to gain access to the device.

Affected Products
No products from Siemens Enterprise Communications are affected.

The following products include VxWorks as operating system, but none of them make use of the standard login library:

  • HiPath 4000
  • HiPath 3000 (HG 1500)
  • HiPath Wireless Convergence
  • optiPoint 410/420 HFA/SIP
  • RG 8700

Recommended Actions
None.

References
https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709

Revision History
2010-07-22 Initial Release

Contact and Disclaimer
OpenScale Baseline Security Office
obso@siemens-enterprise.com
Siemens Enterprise Communications GmbH & Co KG 2010
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG

The information provided in this document is subject to change without notice. Siemens Enterpise Communications GmbH & Co KG (SEN) assumes no responsibility for any errors that may appear in this document, and it does not affect your current support agreements with SEN. Any trademarks referenced in this document are the property of their respective owners.
---End Vendor Statement-----------------------------------------

Vendor Information

The above information was provided by the vendor.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.