Session fixation

2010-08-0513:22:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.2%

JSON

The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.

CPENameOperatorVersion
vxworkseq6
vxworkseq5
vxworkseq6.4
vxworksle6.8
vxworkseq5.5

Name	Operator	Version
vxworks	eq	6
vxworks	eq	5
vxworks	eq	6.4
vxworks	le	6.8
vxworks	eq	5.5

References

blog.metasploit.com/2010/08/vxworks-vulnerabilities.html

www.kb.cert.org/vuls/id/840249

www.kb.cert.org/vuls/id/MAPG-863QH9

support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709