CVE-2010-2967
First published: Thu Aug 05 2010(Updated: )
The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wind River VxWorks | <=6.8 | |
| Wind River VxWorks | =5 | |
| Wind River VxWorks | =5.5 | |
| Wind River VxWorks | =6 | |
| Wind River VxWorks | =6.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-2967?
CVE-2010-2967 is considered a medium severity vulnerability.
How do I fix CVE-2010-2967?
To fix CVE-2010-2967, users should upgrade to Wind River VxWorks version 6.9 or later.
What does CVE-2010-2967 affect?
CVE-2010-2967 affects Wind River VxWorks versions prior to 6.9 and all versions of 5.x.
Can CVE-2010-2967 be exploited remotely?
Yes, CVE-2010-2967 allows remote attackers to gain access via telnet, rlogin, or FTP.
What is the impact of CVE-2010-2967?
The impact of CVE-2010-2967 is unauthorized access to systems using affected versions of Wind River VxWorks.
- agent/type
- agent/author
- agent/references
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/severity
- agent/weakness
- vendor/windriver
- canonical/wind river vxworks
- version/wind river vxworks/6.8
- version/wind river vxworks/5
- version/wind river vxworks/5.5
- version/wind river vxworks/6
- version/wind river vxworks/6.4