Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000142620


DSA-2019-022: Dell Wyse Password Encoder Hard-coded Cryptographic Key Vulnerability

Summary: Dell Wyse Password Encoder and ThinLinux2 have been updated to address a security vulnerability that could potentially be exploited by malicious users to compromise the affectedSee more

Article Content


Impact

High

Details

 

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text.
 

CVSSv3 Base Score: 7.9 (AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

 

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text.
 

CVSSv3 Base Score: 7.9 (AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Affected products:

Dell Wyse Linux Thin Clients with ThinLinux2 version prior to 2.1.0.01

Remediation:
 

The following Dell ThinLinux2 release contains a resolution to the vulnerability:

  • Dell ThinLinux2 versions 2.1.0.01 and later

Dell recommends all customers upgrade at the earliest opportunity. For more information, refer to Dell Knowledge Base article Drivers and Downloads FAQs.

Customers can download software from 

https://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=C4JH3&osCode=THNLX&productCode=wyse-3040-thin-client

https://www.dell.com/support/home/in/en/indhs1/drivers/driversdetails?driverId=3CKT3&osCode=THNLX&productCode=wyse-5070-thin-client

Affected products:

Dell Wyse Linux Thin Clients with ThinLinux2 version prior to 2.1.0.01

Remediation:
 

The following Dell ThinLinux2 release contains a resolution to the vulnerability:

  • Dell ThinLinux2 versions 2.1.0.01 and later

Dell recommends all customers upgrade at the earliest opportunity. For more information, refer to Dell Knowledge Base article Drivers and Downloads FAQs.

Customers can download software from 

https://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=C4JH3&osCode=THNLX&productCode=wyse-3040-thin-client

https://www.dell.com/support/home/in/en/indhs1/drivers/driversdetails?driverId=3CKT3&osCode=THNLX&productCode=wyse-5070-thin-client

Acknowledgements

Dell would like to thank Andrew Tierney at Pen Test Partners for reporting this vulnerability.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

Wyse 3040 Thin Client, Wyse 5070 Thin Client

Last Published Date

21 Feb 2021

Version

4

Article Type

Dell Security Advisory