CVE-2010-2966

Name of the Vulnerable Software and Affected Versions Wind River VxWorks versions 6.x, 5.x, and earlier

Description The issue concerns the INCLUDE SECURITY functionality, which uses the LOGIN USER NAME and LOGIN USER PASSWORD (also known as LOGIN PASSWORD) parameters to create hardcoded credentials. This makes it easier for remote attackers to obtain access via a telnet, rlogin, or FTP session.

Recommendations For Wind River VxWorks versions 6.x, 5.x, and earlier, consider disabling the INCLUDE SECURITY functionality or restricting access to the hardcoded credentials as a temporary workaround until a patch is available. Avoid using the LOGIN USER NAME and LOGIN USER PASSWORD parameters in affected sessions to minimize the risk of exploitation.