## https://sploitus.com/exploit?id=PACKETSTORM:188886
SEC Consult Vulnerability Lab Security Advisory < 20250127-0 >
    =======================================================================
                   title: Weak Password Hashing Algorithms
                 product: Wind River Software VxWorks RTOS
      vulnerable version: >= VxWorks 6.9
           fixed version: not available
              CVE number: no CVE assigned by Wind River
                  impact: High
                homepage: https://www.windriver.com/
                   found: 2024-03-21
                      by: Steffen Robertz (Office Vienna)
                          Constantin Schieber-Knoebl (Office Vienna)
                          Stefan Viehboeck (Office Vienna)
                          SEC Consult Vulnerability Lab
    
                          An integrated part of SEC Consult, an Eviden business
                          Europe | Asia
    
                          https://www.sec-consult.com
    
    =======================================================================
    
    Vendor description:
    -------------------
    "VxWorks is a real-time operating system (or RTOS) developed as proprietary
    software by Wind River Systems, a subsidiary of Aptiv. First released in 1987,
    VxWorks is designed for use in embedded systems requiring real-time,
    deterministic performance and in many cases, safety and security certification
    for industries such as aerospace, defense, medical devices, industrial equipment,
    robotics, energy, transportation, network infrastructure, automotive, and
    consumer electronics."
    
    Source: https://www.windriver.com/
    
    
    Business recommendation:
    ------------------------
    SEC Consult advises affected Wind River VxWorks customers to perform thorough
    security reviews of their products to assess whether and how they are impacted
    by these vulnerabilities. As a mitigation measure, customers should avoid using
    the built-in authentication mechanisms of the VxWorks operating system and
    instead implement and use modern password hashing algorithms with a sufficiently
    high cost factor.
    
    
    Vulnerability overview/description:
    -----------------------------------
    1) VxWorks 6.9 Weak Password Hashing Algorithm (no CVE assigned by Wind River)
    The password hashing algorithm introduced in VxWorks 6.9 is considered insecure.
    This algorithm employs a single iteration of SHA-256 combined with a salt to hash
    user passwords.
    
    This method was intended to replace a previous proprietary hashing algorithm
    that was susceptible to collision attacks (CVE-2010-2965). However, even at
    the time of its release in 2011, the use of a single iteration for password
    hashing was deemed inadequate. For comparison, md5crypt (introduced in 1994)
    uses 1,000 iterations, and sha256crypt (introduced in 2008) uses 5,000 iterations.
    
    This hashing algorithm is approximately 600,000 times weaker than current standards
    (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2).
    
    An attacker who extracts user password hashes from a VxWorks-based device can
    efficiently crack the passwords using a GPU cracking setup (e.g., hashcat on
    RTX 4090). Potential vectors for extracting user hashes include:
    - Physical access to the device memory via hardware hacking (e.g. bootloader
      access via UART, dumping of memory chips, JTAG, etc.)
    - Remote access to device debug interfaces
    - Access to firmware update files containing hard-coded user accounts
      (e.g. vendor backdoors added via the loginUserAdd() function)
    
    
    2) VxWorks 7 Weak Password Hashing Algorithm (no CVE assigned by Wind River)
    The password hashing algorithm used in VxWorks 7 (24.04) is also considered
    insecure. This algorithm uses 5,000 iterations of SHA-256 combined with a salt
    to hash user passwords.
    
    The specific version in which this hashing algorithm was introduced remains
    unknown to the authors. Nonetheless, this algorithm is still 5,000 times weaker
    than current standards
    (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2).
    
    The same attack vectors mentioned in issue #1 apply here.
    
    Modern embedded systems possess the computational power necessary to perform
    secure password hashing. Introducing a new password hashing scheme with a
    default cost factor that provides robust defense against GPU cracking is
    essential. Additionally, developers should have the flexibility to set a
    lower, albeit less secure, cost factor for devices with limited computational
    resources.
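    The following is an added example, not code from the advisory or from Wind River: a replacement password hashing scheme of the kind recommended above, built on PBKDF2-HMAC-SHA256 from the Python standard library. The record format, the scheme label and the MIN_ITERATIONS floor are assumptions made for this example; the record carries its own cost factor, so a constrained device can start lower and upgrade stored records later.

```python
import hashlib
import hmac
import os
from base64 import b64decode, b64encode
from typing import Optional

# Iteration count the advisory measures against (OWASP figure for PBKDF2-HMAC-SHA256).
DEFAULT_ITERATIONS = 600_000
# Floor for constrained devices: an assumed value for this example, not a vendor setting.
MIN_ITERATIONS = 100_000
SCHEME = "pbkdf2-sha256"

def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: '<scheme>$<iterations>$<salt b64>$<digest b64>'."""
    if iterations < MIN_ITERATIONS:
        raise ValueError("cost factor %d below minimum %d" % (iterations, MIN_ITERATIONS))
    if salt is None:
        salt = os.urandom(16)  # fresh 128-bit random salt per record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "%s$%d$%s$%s" % (SCHEME, iterations,
                            b64encode(salt).decode(), b64encode(digest).decode())

def _parse(record: str):
    scheme, iters, salt_b64, digest_b64 = record.split("$")
    if scheme != SCHEME:
        raise ValueError("unsupported scheme: " + scheme)
    return int(iters), b64decode(salt_b64), b64decode(digest_b64)

def verify_password(password: str, record: str) -> bool:
    # Recompute with the cost stored in the record and compare in constant time.
    iterations, salt, expected = _parse(record)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(actual, expected)

def needs_rehash(record: str, target_iterations: int = DEFAULT_ITERATIONS) -> bool:
    # True when a record was created with a lower cost than the current target,
    # so it can be upgraded at the next successful login.
    iterations, _, _ = _parse(record)
    return iterations < target_iterations

if __name__ == "__main__":
    # Constrained-device setting first, then check whether it should be upgraded.
    record = hash_password("password", iterations=MIN_ITERATIONS)
    print(record)
    print(verify_password("password", record), needs_rehash(record))
```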
    
    
    Proof of concept:
    -----------------
    1) VxWorks 6.9 Weak Password Hashing Algorithm (no CVE assigned by Wind River)
    The password hashes can be cracked using the hashcat hash type 1420 "sha256($salt.$pass)"
    and the --hex-salt option.
    
    The following Python script re-implements the hashing algorithm in Python
    and demonstrates how hashes can be prepared for cracking with hashcat.
    
    ```python
    from hashlib import sha256
    from base64 import b64decode, b64encode

    def format_pw_vx69_hashcat(pw_hash_base64, salt_base64):
        # Formats a VxWorks 6.9 hash for cracking with hashcat hash type 1420
        # "sha256($salt.$pass)" and the --hex-salt option: "<hash hex>:<salt hex>".
        digest = b64decode(pw_hash_base64)
        salt = b64decode(salt_base64)
        line = '%s:%s' % (digest.hex(), salt.hex())
        print(line)
        return line

    def hash_pw_vx69(password, salt_base64):
        # Re-implements the VxWorks 6.9 scheme: a single SHA-256 over salt || password,
        # with the digest stored base64-encoded.
        salt = b64decode(salt_base64)
        hash_input = salt + password.encode()
        digest = sha256(hash_input).digest()
        return b64encode(digest).decode()

    # Sample salt and hash taken from a VxWorks 6.9 device (the password is 'password').
    salt = 'BFqADK/VLEk='
    pw_hash = 'm4qJ/O/Iam+2AdBmwD7+cav+W6HABSdMF2yQyK+rIQA='

    format_pw_vx69_hashcat(pw_hash, salt)

    if hash_pw_vx69('password', salt) == pw_hash:
        print('Hashes match!')
    ```
    
    
    2) VxWorks 7 Weak Password Hashing Algorithm (no CVE assigned by Wind River)
    Cracking these hashes requires the implementation of a hashcat
    "sha256($salt.$pass)" variant that uses 5,000 rounds.
    
    
    Vulnerable / tested versions:
    -----------------------------
    The following versions have been tested, which were the latest versions available
    at the time of the test:
    - VxWorks 6.9 Weak Password Hashing Algorithm was verified on a device
      based on VxWorks 6.9
    - VxWorks 7 Weak Password Hashing Algorithm was verified on a device
      based on VxWorks 7 (24.04)
    
    
    Vendor contact timeline:
    ------------------------
    2024-07-10: Contacting vendor through psirt@windriver.com, attaching encrypted
                security advisory. Vendor confirms receipt and is working on it.
    2024-07-22: Requesting a status update. Vendor asks for exact version number
                of 6.9 to determine next steps.
    2024-07-24: Informing the vendor that the analyzed device used 6.9.4.12, but that
                all 6.9.x versions are affected.
    2024-07-25: Vendor wants to discuss further details and requests a meeting.
    2024-07-29: Asking for a brief summary of the initial analysis and for time zones.
    2024-08-09: Vendor provides a write-up of their current position on these issues.
    2024-09-02: Delayed response from our side due to vacation, providing remarks on the
                vendor's statement and proposing a few dates.
    2024-09-10: Conference call with vendor, discussing positions and next steps.
    2024-09-10: Vendor informs us about their final decision to treat the issue
                as a "feature upgrade" and not a vulnerability. No ETA on implementation.
    2024-10-10: Relaying vulnerability information to "company that builds their
                devices on VxWorks" - where the vulnerability was initially found.
    2024-10-22: Conference call with "company that builds their devices on VxWorks".
    2024-11-21: "Company that builds their devices on VxWorks" confirms their products
                are not affected by the issue as they are not using the VxWorks OS
                authentication mechanisms.
    2025-01-17: Contacting vendor to inform them about the upcoming publication,
                asking if they have informed their customers and if there are any
                resources available for reference.
    2025-01-17: The vendor responds, stating that they have been in contact with the
                "company that builds their devices on VxWorks," but they do not confirm
                whether they have reached out to other affected customers or published
                any resources.
    2025-01-27: Public release of advisory and blog post https://r.sec-consult.com/vxblog
    
    
    Solution:
    ---------
    There is no solution available. Please contact the vendor for further information.
    
    
    Workaround:
    -----------
    The vendor did not publish any information on possible workarounds. Please
    contact the vendor for further information.
    
    SEC Consult advises affected Wind River VxWorks customers to perform thorough
    security reviews of their products to assess whether and how they are impacted
    by these vulnerabilities. As a mitigation measure, customers should avoid using
    the built-in authentication mechanisms of the VxWorks operating system and
    instead implement and use modern password hashing algorithms with a sufficiently
    high cost factor.
    
    
    Advisory URL:
    -------------
    https://sec-consult.com/vulnerability-lab/
    
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    SEC Consult Vulnerability Lab
    An integrated part of SEC Consult, an Eviden business
    Europe | Asia
    
    About SEC Consult Vulnerability Lab
    The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an
    Eviden business. It ensures the continued knowledge gain of SEC Consult in the
    field of network and application security to stay ahead of the attacker. The
    SEC Consult Vulnerability Lab supports high-quality penetration testing and
    the evaluation of new offensive and defensive technologies for our customers.
    Hence our customers obtain the most current information about vulnerabilities
    and valid recommendation about the risk profile of new technologies.
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Interested to work with the experts of SEC Consult?
    Send us your application https://sec-consult.com/career/
    
    Interested in improving your cyber security with the experts of SEC Consult?
    Contact our local offices https://sec-consult.com/contact/
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    Mail: security-research at sec-consult dot com
    Web: https://www.sec-consult.com
    Blog: https://blog.sec-consult.com
    Twitter: https://twitter.com/sec_consult
    
    EOF Steffen Robertz, Constantin Schieber-Knoebl, Stefan Viehboeck / @2025