Unrated severityNVD Advisory· Published Aug 5, 2010· Updated Apr 29, 2026

CVE-2010-2967

Description

The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.

Affected products

Windriver/Vxworks5 versions
cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*range: <=6.8
- cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:vxworks:6:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:vxworks:6.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/840249nvdUS Government Resource
blog.metasploit.com/2010/08/vxworks-vulnerabilities.htmlnvd
www.kb.cert.org/vuls/id/MAPG-863QH9nvd
support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspxnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000