CVE-2017-17878

An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" setting).
References
Link Resource
https://blogger.davidmanouchehri.com/2017/12/steam-link-security-truncated-password.html Issue Tracking Patch Third Party Advisory
https://github.com/ValveSoftware/steamlink-sdk/issues/101 Issue Tracking Patch Third Party Advisory
https://github.com/ValveSoftware/steamlink-sdk/issues/110 Issue Tracking Patch Third Party Advisory
https://blogger.davidmanouchehri.com/2017/12/steam-link-security-truncated-password.html Issue Tracking Patch Third Party Advisory
https://github.com/ValveSoftware/steamlink-sdk/issues/101 Issue Tracking Patch Third Party Advisory
https://github.com/ValveSoftware/steamlink-sdk/issues/110 Issue Tracking Patch Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:valvesoftware:steam_link_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:valvesoftware:steam_link:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:18

Type Values Removed Values Added
References () https://blogger.davidmanouchehri.com/2017/12/steam-link-security-truncated-password.html - Issue Tracking, Patch, Third Party Advisory () https://blogger.davidmanouchehri.com/2017/12/steam-link-security-truncated-password.html - Issue Tracking, Patch, Third Party Advisory
References () https://github.com/ValveSoftware/steamlink-sdk/issues/101 - Issue Tracking, Patch, Third Party Advisory () https://github.com/ValveSoftware/steamlink-sdk/issues/101 - Issue Tracking, Patch, Third Party Advisory
References () https://github.com/ValveSoftware/steamlink-sdk/issues/110 - Issue Tracking, Patch, Third Party Advisory () https://github.com/ValveSoftware/steamlink-sdk/issues/110 - Issue Tracking, Patch, Third Party Advisory

Information

Published : 2017-12-27 17:08

Updated : 2024-11-21 03:18


NVD link : CVE-2017-17878

Mitre link : CVE-2017-17878

CVE.ORG link : CVE-2017-17878


JSON object : View

Products Affected

valvesoftware

  • steam_link
  • steam_link_firmware
CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm