Wind River Systems, Inc. Information for VU#840249

Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)

Status

Affected

Vendor Statement

Wind River has analyzed VU#840249, and determined that all versions of VxWorks that use the default hash algorithm (loginDefaultEncrypt) in loginLib can be vulnerable. VxWorks has a very strong track record of offering secure products and Wind River is committed to active threat monitoring, rapid assessment, threat prioritization, expedited remediation, response and proactive customer contact. Customers are encouraged to follow one of the remediation actions outlined in the SOLUTION section of the vulnerability post. When released, VxWorks 6.9 will further strengthen the default hash algorithm.

Registered users can access Wind River's online support for more information by following the link below. Registered users will also find patches to remove the 80 characters limitation for encrypted password string length on VxWorks versions 5.5.1 through 6.4.
https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709

Or contact Wind River technical support for more information:
http://windriver.com/support/

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.