Hardcoded credentials

2010-08-0513:22:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.2%

JSON

The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.

CPENameOperatorVersion
vxworkseq6
vxworkseq5
vxworkseq6.4
vxworksle6.8
vxworkseq5.5

Name	Operator	Version
vxworks	eq	6
vxworks	eq	5
vxworks	eq	6.4
vxworks	le	6.8
vxworks	eq	5.5

References

blog.metasploit.com/2010/08/vxworks-vulnerabilities.html

www.kb.cert.org/vuls/id/840249