CVE-2017-17878
First published: Wed Dec 27 2017(Updated: )
An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" setting).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Valve Steam Link Firmware | <644 | |
| Steam Link |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-17878?
CVE-2017-17878 is a vulnerability in Valve Steam Link build 643 where root passwords longer than 8 characters are truncated due to the default use of DES.
What is the severity of CVE-2017-17878?
The severity of CVE-2017-17878 is critical with a CVSS score of 9.8.
How does CVE-2017-17878 affect Valve Steam Link?
CVE-2017-17878 affects Valve Steam Link build 643 by truncating root passwords longer than 8 characters.
How can I fix CVE-2017-17878?
To fix CVE-2017-17878, update Valve Steam Link to a version beyond build 644.
Where can I find more information about CVE-2017-17878?
More information about CVE-2017-17878 can be found at the following references: [Link 1](https://blogger.davidmanouchehri.com/2017/12/steam-link-security-truncated-password.html), [Link 2](https://github.com/ValveSoftware/steamlink-sdk/issues/101), [Link 3](https://github.com/ValveSoftware/steamlink-sdk/issues/110).
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/remedy
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/valvesoftware
- canonical/valve steam link firmware
- canonical/steam link