3com Inc Unknown

Notified:  June 14, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Actelis Networks Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alcatel-Lucent Unknown

Notified:  June 14, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Allied Telesis Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alvarion Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

amx Not Affected

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aperto Networks Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Apple Inc. Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ARRIS Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avaya, Inc. Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Broadcom Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Brocade Unknown

Notified:  August 03, 2010 Updated: August 03, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Canon Not Affected

Notified:  June 29, 2010 Updated: August 09, 2010

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Carrier Access Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ceragon Networks Inc Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cisco Systems, Inc. Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell Computer Corporation, Inc. Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Digicom Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc. Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DrayTek Corporation Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

EMC Corporation Not Affected

Notified:  June 14, 2010 Updated: August 04, 2010

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Enablence Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Enterasys Networks Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Epson America, Inc. Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ericsson Affected

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fluke Networks Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Foundry Networks, Inc. Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gilat Network Systems Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Guangzhou Gaoke Communications Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Huawei Technologies Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel Corporation Unknown

Notified:  August 03, 2010 Updated: August 03, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IWATSU Voice Networks Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Keda Communications Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Knovative Inc Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lenovo Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lucent Technologies Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lutron Electronics Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Maipu Communication Technology Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mitel Networks, Inc. Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Motorola, Inc. Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Netgear, Inc. Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nortel Networks, Inc. Unknown

Notified:  July 14, 2010 Updated: July 14, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Polycom Affected

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Proxim, Inc. Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ricoh Company Ltd. Not Affected

Notified:  June 29, 2010 Updated: August 06, 2010

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Rockwell Automation Not Affected

Notified:  July 07, 2010 Updated: August 02, 2010

Statement Date:   July 15, 2010

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Rockwell Automation has indicated that they are not affected by this vulnerability.

Samsung Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Shoretel Communications, Inc. Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Siemens Not Affected

Notified:  June 29, 2010 Updated: April 29, 2011

Status

Not Affected

Vendor Statement

Security Advisory Report - OBSO-1007-01 Wind River VxWorks: weak default hashing algorithm in standard authentication API (loginLib) Creation Date: 2010-07-22 Last Update: 2010-07-22 Summary Wind River has published a security advisory, which states, that the default hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. Vulnerability Details An attacker with a known username and access to a service (telnet, rlogin or FTP) that uses the standard authentication API (loginDefaultEncrypt (), part of loginLib) can brute force the password in a relatively short period of time. Since the hashing algorithm is susceptible to collisions, the actual password does not have to be found, just a string that produces the same hash. For instance, when the default 'target/password' login example is used, 'y{{{{{kS' hashes to the same string as 'password'. It is thus possible to login using both 'password' and 'y{{{{{kS' as the passwords for the user 'target'. Impact: Because an attacker can brute force a correct password by guessing a string that produces the same hash and access the relevant service as a known user. Applications such as rlogin, telnet, and FTP rely on loginLib for security, and can be used to gain access to the device. Affected Products No products from Siemens Enterprise Communications are affected. The following products include VxWorks as operating system, but none of them make use of the standard login library: HiPath 4000 HiPath 3000 (HG 1500) HiPath Wireless Convergence optiPoint 410/420 HFA/SIP RG 8700 Recommended Actions None. References https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709 Revision History 2010-07-22 Initial Release Contact and Disclaimer OpenScale Baseline Security Office obso@siemens-enterprise.com © Siemens Enterprise Communications GmbH & Co KG 2010 Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG The information provided in this document is subject to change without notice. Siemens Enterpise Communications GmbH & Co KG (SEN) assumes no responsibility for any errors that may appear in this document, and it does not affect your current support agreements with SEN. Any trademarks referenced in this document are the property of their respective owners. ---End Vendor Statement-----------------------------------------

Vendor Information

The above information was provided by the vendor.

SMC Networks, Inc. Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TRENDnet Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Tut Systems, Inc. Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wind River Systems, Inc. Affected

Notified:  June 03, 2010 Updated: August 02, 2010

Status

Affected

Vendor Statement

Wind River has analyzed VU#840249, and determined that all versions of VxWorks that use the default hash algorithm (loginDefaultEncrypt) in loginLib can be vulnerable. VxWorks has a very strong track record of offering secure products and Wind River is committed to active threat monitoring, rapid assessment, threat prioritization, expedited remediation, response and proactive customer contact. Customers are encouraged to follow one of the remediation actions outlined in the SOLUTION section of the vulnerability post. When released, VxWorks 6.9 will further strengthen the default hash algorithm. Registered users can access Wind River's online support for more information by following the link below. Registered users will also find patches to remove the 80 characters limitation for encrypted password string length on VxWorks versions 5.5.1 through 6.4. https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709 Or contact Wind River technical support for more information: http://windriver.com/support/

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Xerox Unknown

Notified:  June 29, 2010 Updated: August 04, 2010

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

View all 55 vendors View less vendors