Wind River Systems, Inc. Information for VU#840249
Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)
- Vendor Information Help Date Notified: 03 Jun 2010
- Statement Date:
- Date Updated: 02 Aug 2010
Status
Affected
Vendor Statement
Wind River has analyzed VU#840249, and determined that all versions of VxWorks that use the default hash algorithm (loginDefaultEncrypt) in loginLib can be vulnerable. VxWorks has a very strong track record of offering secure products and Wind River is committed to active threat monitoring, rapid assessment, threat prioritization, expedited remediation, response and proactive customer contact. Customers are encouraged to follow one of the remediation actions outlined in the SOLUTION section of the vulnerability post. When released, VxWorks 6.9 will further strengthen the default hash algorithm.
Registered users can access Wind River's online support for more information by following the link below. Registered users will also find patches to remove the 80 characters limitation for encrypted password string length on VxWorks versions 5.5.1 through 6.4.
https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709
Or contact Wind River technical support for more information:
http://windriver.com/support/
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
None
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.