Executive Summary

Title Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)
Name VU#840249 First vendor Publication 2010-08-02
Vendor VU-CERT Last vendor Modification 2010-09-02
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#840249

Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)


The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password.

I. Description

An attacker with a known username and access to a service (telnet, rlogin or FTP) that uses the standard authentication API (loginDefaultEncrypt (), part of loginLib) can brute force the password in a relatively short period of time. Since the hashing algorithm is susceptible to collisions, the actual password does not have to be found, just a string that produces the same hash.

For instance, when the default 'target/password' login example is used, 'y{{{{{kS' hashes to the same string as 'password'. It is thus possible to login using both 'password' and 'y{{{{{kS' as the passwords for the user 'target'.

Additional information can be found in ICS-CERT advisory ICSA-10-214-01 and on the Metasploit Blog.

II. Impact

An attacker can brute force a correct password by guessing a string that produces the same hash and access the relevant service as the known user.

III. Solution

Vendors which use VxWorks in their products should not use the default hashing algorithm in standard authentication API (loginDefaultEncrypt()). A trusted authentication API should be used instead. It can be installed by means of the loginEncryptInstall() loginLib hook.

In addition, and so as to avoid registration of the default 'target'/'password' credentials at init time, the LOGIN_USER_NAME and LOGIN_USER_PASSWORD project parameters/#defines should be set to empty strings (so that no user is registered using the default encryption routine). Only after the new encryption routine is registered should new users be added to the system.

loginEncryptInstall allows the user to install a custom encryption routine. The custom routine <rtn> must be of the following form:

STATUS encryptRoutine
       char *password,               /* string to encrypt    */
       char *encryptedPassword       /* resulting encryption */

The <encryptedPassword> string length should be no more than :
+ VxWorks 6.4 and below: 80 characters
+ VxWorks 6.5 and above: 128 characters

When a custom encryption routine is installed, a host version of this routine must be written to replace the tool vxencrypt in host/<hostOs>/bin.

Appendix #1 shows example code making use of loginEncryptInstall() to set a custom encryption routine. Depending on the VxWorks version used, either SHA-512 or SHA-256 are used.

DISCLAIMER: The following example code was provided by Wind River Systems. It is for demonstration purposes only and should not be used as is.

/* Sample loginEncryptInstallCode() */

/* includes */

#include <vxWorks.h>
#include <errnoLib.h> /* for errnoGet API */
#include <fcntl.h> /* for open API */
#include <stdio.h> /* for sprintf API */
#include <string.h> /* for string handling */
#include <unistd.h> /* for close API */
#include <loginLib.h>   /* library under test */
#include <sysSymTbl.h> /* for sySymTbl variable */

/* globals */

 * SHA-512 and SHA-256 digests corresponding to the 'vincent' string.
 * VxWorks 6.4 and below use SHA-256 because of the 80 chars
 * loginEncryptInstall() digest limit, while post 6.5 versions use SHA-512.

char * cryptSha = "38256fbe4e80d9ffd355409f36238ae18e62c668208c259e60"
char * shaIdent = "SHA-512";
char * cryptSha = "65c3f75641b22925c737ca657b126cd68c39e423349d43031c"
char * shaIdent = "SHA-256";

/* locals */

LOCAL STATUS fixed_sha (char* password, char* encryptedpassword);

* loginEncryptInstallExample - register and use a custom encryption routine

STATUS loginEncryptInstallExample (void)
    char* name = "vincent";
    char* passwd = "vincent";
    STATUS status = ERROR;

    /* Register our new encryption routine */

    loginEncryptInstall (fixed_sha, 0);
    printf ("Registered %s encryption routine. ", shaIdent);

    /* Add a new user using this encryption routine */

    if (loginUserAdd (name, cryptSha) != OK)
printf ("Unable to add new user to system using %s encryption"
"routine [errno = %#x]. ", shaIdent, errnoGet ());

        return ERROR;
/* Launch the verification process */

if (loginUserVerify (name, passwd) != OK)
   printf ("Successfully registered and added a new user "
   "with custom encryption routine but password "
   "check failed [errno = %#x]. ", errnoGet ());

   goto cleanup;
   printf ("Successfully used custom encryption routine "
   "(routine registration, user creation and "
   "verification). ");

    status = OK;


    /* Remove user and module; unregister routine */

    if (loginUserDelete (name, passwd) != OK)
printf ("There was a problem while trying to delete the "
"newly added user during cleanup [errno = " "%#x]. ",
errnoGet ());
status = ERROR;

    loginEncryptInstall ((FUNCPTR) loginDefaultEncrypt, 0);
    return status;

* fixed_sha - returns a fixed SHA digest
* RETURNS: Always OK

LOCAL STATUS fixed_sha
    char* password,
    char* encryptedpassword
     * IMPORTANT : This test routine should be replaced by a real SHA
     * generator. Because of the fixed digest, the current version does not
     * perform actual user validation (i.e all passwords are accepted for user
     * 'vincent').

    strcpy (encryptedpassword, cryptSha);
    return OK;

Restrict access
Appropriate firewall rules should be implemented to restrict access to any services that use the standard authentication API.

Disable services
Services such as FTP or telnet should be disabled if not needed.

Monitor access
IDS signatures should be implemented to detect brute force attacks to services that use the standard authentication API.

Vendor Information

VendorStatusDate NotifiedDate Updated
3com IncUnknown2010-06-142010-08-04
Actelis NetworksUnknown2010-06-292010-08-04
Allied TelesisUnknown2010-06-292010-08-04
amxNot Affected2010-06-292010-08-04
Aperto NetworksUnknown2010-06-292010-08-04
Apple Inc.Unknown2010-06-292010-08-04
Avaya, Inc.Unknown2010-06-292010-08-04
CanonNot Affected2010-06-292010-08-09
Carrier AccessUnknown2010-06-292010-08-04
Ceragon Networks IncUnknown2010-06-292010-08-04
Cisco Systems, Inc.Unknown2010-06-292010-08-04
D-Link Systems, Inc.Unknown2010-06-292010-08-04
Dell Computer Corporation, Inc.Unknown2010-06-292010-08-04
DrayTek CorporationUnknown2010-06-292010-08-04
EMC CorporationNot Affected2010-06-142010-08-04
Enterasys NetworksUnknown2010-06-292010-08-04
Epson America, Inc.Unknown2010-06-292010-08-04
Fluke NetworksUnknown2010-06-292010-08-04
Foundry Networks, Inc.Unknown2010-06-292010-08-04
Gilat Network SystemsUnknown2010-06-292010-08-04
Guangzhou Gaoke CommunicationsUnknown2010-06-292010-08-04
Huawei TechnologiesUnknown2010-06-292010-08-04
Intel CorporationUnknown2010-08-032010-08-03
IWATSU Voice NetworksUnknown2010-06-292010-08-04
Keda CommunicationsUnknown2010-06-292010-08-04
Knovative IncUnknown2010-06-292010-08-04
Lucent TechnologiesUnknown2010-06-292010-08-04
Lutron ElectronicsUnknown2010-06-292010-08-04
Maipu Communication TechnologyUnknown2010-06-292010-08-04
Mitel Networks, Inc.Unknown2010-06-292010-08-04
Motorola, Inc.Unknown2010-06-292010-08-04
Netgear, Inc.Unknown2010-06-292010-08-04
Nortel Networks, Inc.Unknown2010-07-142010-07-14
Proxim, Inc.Unknown2010-06-292010-08-04
Ricoh Company Ltd.Not Affected2010-06-292010-08-06
Rockwell AutomationNot Affected2010-07-072010-08-02
Shoretel Communications, Inc.Unknown2010-06-292010-08-04
SMC Networks, Inc.Unknown2010-06-292010-08-04
Tut Systems, Inc.Unknown2010-06-292010-08-04
Wind River Systems, Inc.Affected2010-06-032010-08-02




Thanks to HD Moore for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

Date Public:2010-08-02
Date First Published:2010-08-02
Date Last Updated:2010-09-02
CERT Advisory: 
US-CERT Technical Alerts: 
Document Revision:42

Original Source

Url : http://www.kb.cert.org/vuls/id/840249

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-310 Cryptographic Issues
50 % CWE-255 Credentials Management

CPE : Common Platform Enumeration

Os 8

Open Source Vulnerability Database (OSVDB)

Id Description
66909 Wind River Systems' VxWorks INCLUDE_SECURITY Functionality Multiple Parameter...

66843 Wind River Systems' VxWorks loginLib Default Hashing Algorithm Weakness

VxWorks contains a flaw that may allow an attacker to brute force a known backdoor account over FTP with trivial effort. The issue is triggered in combination with a flaw that allows arbitrary memory access, which allows the backdoor account name to be discovered.