Vulnerabilities > CVE-2010-2966 - Credentials Management vulnerability in Windriver Vxworks

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

windriver

CWE-255

NVD

Published: 2010-08-05

Updated: 2024-11-21

Summary

The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.

Vulnerable Configurations

Part	Description	Count
OS	Windriver Windriver Vxworks 6 Windriver Vxworks 5 Windriver Vxworks 6.4 Windriver Vxworks 5.5 Windriver Vxworks 5.5.1 Windriver Vxworks 6.5 Windriver Vxworks 6.6 Windriver Vxworks 6.6.3 Windriver Vxworks 6.6.4 Windriver Vxworks 6.6.4.1 Windriver Vxworks 6.7 Windriver Vxworks 6.8	12

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References