Message-ID: <3e37ca87-4a38-48c6-a4b7-5a479dc248bf@sec-consult.com>
Date: Mon, 27 Jan 2025 10:20:43 +0000
From: SEC Consult Vulnerability Lab via Fulldisclosure
 <fulldisclosure@...lists.org>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] SEC Consult SA-20250127-0 :: Weak Password Hashing Algorithms
 in Wind River Software VxWorks RTOS

SEC Consult Vulnerability Lab Security Advisory < 20250127-0 >
=======================================================================
                title: Weak Password Hashing Algorithms
              product: Wind River Software VxWorks RTOS
   vulnerable version: >= VxWorks 6.9
        fixed version: not available
           CVE number: no CVE assigned by Wind River
               impact: High
             homepage: https://www.windriver.com/
                found: 2024-03-21
                   by: Steffen Robertz (Office Vienna)
                       Constantin Schieber-Knoebl (Office Vienna)
                       Stefan Viehboeck (Office Vienna)
                       SEC Consult Vulnerability Lab

                       An integrated part of SEC Consult, an Eviden business
                       Europe | Asia

                       https://www.sec-consult.com

=======================================================================

Vendor description:
-------------------
"VxWorks is a real-time operating system (or RTOS) developed as proprietary
software by Wind River Systems, a subsidiary of Aptiv. First released in 1987,
VxWorks is designed for use in embedded systems requiring real-time,
deterministic performance and in many cases, safety and security certification
for industries such as aerospace, defense, medical devices, industrial equipment,
robotics, energy, transportation, network infrastructure, automotive, and
consumer electronics."

Source: https://www.windriver.com/


Business recommendation:
------------------------
SEC Consult advises affected Wind River VxWorks customers to perform thorough
security reviews of their products to assess whether and how they are impacted
by these vulnerabilities. As a mitigation measure, customers should avoid using
the built-in authentication mechanisms of the VxWorks operating system and
instead implement and use modern password hashing algorithms with a sufficiently
high cost factor.


Vulnerability overview/description:
-----------------------------------
1) VxWorks 6.9 Weak Password Hashing Algorithm (no CVE assigned by Wind River)
The password hashing algorithm introduced in VxWorks 6.9 is considered insecure.
This algorithm employs a single iteration of SHA-256 combined with a salt to hash
user passwords.

This method was intended to replace a previous proprietary hashing algorithm
that was susceptible to collision attacks (CVE-2010-2965). However, even at
the time of its release in 2011, the use of a single iteration for password
hashing was deemed inadequate. For comparison, md5crypt (introduced in 1994)
uses 1,000 iterations, and sha256crypt (introduced in 2008) uses 5,000 iterations.

This hashing algorithm is approximately 600,000 times weaker than current standards
(https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2).

An attacker who extracts user password hashes from a VxWorks-based device can
efficiently crack the passwords using a GPU cracking setup (e.g., hashcat on
RTX 4090). Potential vectors for extracting user hashes include:
- Physical access to the device memory via hardware hacking (e.g. bootloader
   access via UART, dumping of memory chips, JTAG, etc.)
- Remote access to device debug interfaces
- Access to firmware update files containing hard-coded user accounts
   (e.g. vendor backdoors added via the loginUserAdd() function)


2) VxWorks 7 Weak Password Hashing Algorithm (no CVE assigned by Wind River)
The password hashing algorithm used in VxWorks 7 (24.04) is also considered
insecure. This algorithm uses 5,000 iterations of SHA-256 combined with a salt
to hash user passwords.

The specific version in which this hashing algorithm was introduced remains
unknown to the authors. Nonetheless, this algorithm is still 5,000 times weaker
than current standards
(https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2).

The same attack vectors mentioned in issue #1 apply here.

Modern embedded systems possess the computational power necessary to perform
secure password hashing. Introducing a new password hashing scheme with a
default cost factor that provides robust defense against GPU cracking is
essential. Additionally, developers should have the flexibility to set a
lower, albeit less secure, cost factor for devices with limited computational
resources.


Proof of concept:
-----------------
1) VxWorks 6.9 Weak Password Hashing Algorithm (no CVE assigned by Wind River)
The password hashes can be cracked using the hashcat hash type 1420 "sha256($salt.$pass)"
and the --hex-salt option.

The following Python script re-implements the hashing algorithm in Python
and demonstrates how hashes can be prepared for cracking with hashcat.

```python
from hashlib import sha256
from base64 import b64decode, b64encode

def format_pw_vx69_hashcat(pw_hash_base64, salt_base64):
    # Format the hash for cracking with hashcat hash type 1420 "sha256($salt.$pass)"
    # and the --hex-salt option, i.e. "<hex digest>:<hex salt>"
    digest = b64decode(pw_hash_base64)
    salt = b64decode(salt_base64)
    line = '%s:%s' % (digest.hex(), salt.hex())
    print(line)
    return line

def hash_pw_vx69(password, salt_base64):
    # VxWorks 6.9 scheme: a single SHA-256 over salt || password, stored base64-encoded
    salt = b64decode(salt_base64)
    hash_input = salt + password.encode()
    digest = sha256(hash_input).digest()
    return b64encode(digest).decode()

# Sample salt and password hash (both base64) from the advisory
salt = 'BFqADK/VLEk='
pw_hash = 'm4qJ/O/Iam+2AdBmwD7+cav+W6HABSdMF2yQyK+rIQA='

format_pw_vx69_hashcat(pw_hash, salt)

if hash_pw_vx69('password', salt) == pw_hash:
    print('Hashes match!')
```


2) VxWorks 7 Weak Password Hashing Algorithm (no CVE assigned by Wind River)
Cracking these hashes requires the implementation of a hashcat
"sha256($salt.$pass)" variant that uses 5,000 rounds.


Vulnerable / tested versions:
-----------------------------
The following versions were tested; they were the latest versions available
at the time of the test:
- VxWorks 6.9 Weak Password Hashing Algorithm was verified on a device
   based on VxWorks 6.9
- VxWorks 7 Weak Password Hashing Algorithm was verified on a device
   based on VxWorks 7 (24.04)


Vendor contact timeline:
------------------------
2024-07-10: Contacting vendor through psirt@...driver.com, attaching encrypted
             security advisory. Vendor confirms receipt and is working on it.
2024-07-22: Requesting a status update. Vendor asks for exact version number
             of 6.9 to determine next steps.
2024-07-24: The analyzed device used 6.9.4.12, but we state that all 6.9.x
             versions are affected.
2024-07-25: Vendor wants to discuss further details and requests a meeting.
2024-07-29: Asking for brief summary of initial analysis and timezones.
2024-08-09: Vendor provides a write-up of their current position on these issues.
2024-09-02: Delayed response from our side due to vacation, providing remarks on the
             vendor's statement and proposing a few dates.
2024-09-10: Conference call with vendor, discussing positions and next steps.
2024-09-10: Vendor informs us about their final decision to treat the issue
             as a "feature upgrade" and not a vulnerability. No ETA on implementation.
2024-10-10: Relaying vulnerability information to "company that builds their
             devices on VxWorks" - where the vulnerability was initially found.
2024-10-22: Conference call with "company that builds their devices on VxWorks".
2024-11-21: "Company that builds their devices on VxWorks" confirms their products
             are not affected by the issue as they are not using the VxWorks OS
             authentication mechanisms.
2025-01-17: Contacting vendor to inform them about the upcoming publication,
             asking if they have informed their customers and if there are any
             resources available for reference.
2025-01-17: The vendor responds, stating that they have been in contact with the
             "company that builds their devices on VxWorks," but they do not confirm
             whether they have reached out to other affected customers or published
             any resources.
2025-01-27: Public release of advisory and blog post https://r.sec-consult.com/vxblog


Solution:
---------
There is no solution available. Please contact the vendor for further information.


Workaround:
-----------
The vendor did not publish any information on possible workarounds. Please
contact the vendor for further information.

SEC Consult advises affected Wind River VxWorks customers to perform thorough
security reviews of their products to assess whether and how they are impacted
by these vulnerabilities. As a mitigation measure, customers should avoid using
the built-in authentication mechanisms of the VxWorks operating system and
instead implement and use modern password hashing algorithms with a sufficiently
high cost factor.
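As an added illustration of the mitigation recommended above and in the vulnerability description (example code, not part of the advisory and not VxWorks code), the following Python shows a replacement password store built on PBKDF2-HMAC-SHA256 from the standard library with a stored, adjustable cost factor, plus transparent migration of a legacy VxWorks 6.9-style record (base64 SHA-256 over salt || password, as in the proof-of-concept script) on a successful login. The record layout, the function names and the 600,000-iteration default are assumptions; the iteration count follows the OWASP guidance the advisory cites.

```python
import hashlib
import hmac
import os
from base64 import b64decode, b64encode

# Assumed policy: OWASP's 600,000 PBKDF2-HMAC-SHA256 iterations (the figure the
# advisory cites). A constrained device may start lower; the record stores the
# count so it can be raised later without invalidating existing logins.
DEFAULT_ITERATIONS = 600_000
PREFIX = "pbkdf2-sha256"  # assumed record layout: prefix$iterations$salt$hash (base64)

def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Derive a 32-byte key with a fresh random 16-byte salt; the cost factor is stored."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join([PREFIX, str(iterations), b64encode(salt).decode(), b64encode(dk).decode()])

def verify_password(record: str, password: str) -> bool:
    """Recompute with the stored salt and cost factor; compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != PREFIX:
        return False
    _, iters, salt_b64, dk_b64 = parts
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), b64decode(salt_b64), int(iters))
    return hmac.compare_digest(dk, b64decode(dk_b64))

def needs_rehash(record: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when a stored record uses a lower cost factor than the current policy."""
    return int(record.split("$")[1]) < iterations

def legacy_vx69_hash(password: str, salt_base64: str) -> str:
    """The VxWorks 6.9 scheme described in the advisory: one SHA-256 over salt || password."""
    digest = hashlib.sha256(b64decode(salt_base64) + password.encode()).digest()
    return b64encode(digest).decode()

def login_and_migrate(pw_hash_base64: str, salt_base64: str, password: str,
                      iterations: int = DEFAULT_ITERATIONS):
    """Check a legacy record; on success return a PBKDF2 record to replace it, else None.
    Login is the only time the plaintext is available, so it is the moment to migrate."""
    expected = legacy_vx69_hash(password, salt_base64)
    if not hmac.compare_digest(expected.encode(), pw_hash_base64.encode()):
        return None
    return hash_password(password, iterations)

if __name__ == "__main__":
    old = legacy_vx69_hash("password", "AAAAAAAAAAA=")  # constructed legacy record, 8 zero-byte salt
    new = login_and_migrate(old, "AAAAAAAAAAA=", "password")
    print(new, verify_password(new, "password"), needs_rehash(new))
```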


Advisory URL:
-------------
https://sec-consult.com/vulnerability-lab/


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab
An integrated part of SEC Consult, an Eviden business
Europe | Asia

About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an
Eviden business. It ensures the continued knowledge gain of SEC Consult in the
field of network and application security to stay ahead of the attacker. The
SEC Consult Vulnerability Lab supports high-quality penetration testing and
the evaluation of new offensive and defensive technologies for our customers.
Hence our customers obtain the most current information about vulnerabilities
and valid recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interested to work with the experts of SEC Consult?
Send us your application https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult?
Contact our local offices https://sec-consult.com/contact/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: security-research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: https://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult

EOF Steffen Robertz, Constantin Schieber-Knoebl, Stefan Viehboeck / @2025



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
