CVE-2017-5670 : Riverbed RiOS insecure cryptographic storage

Posted by Sydream Labs on Feb 14

# Riverbed RiOS insecure cryptographic storage (CVE-2017-5670)

## Description

Riverbed Steelhead hardware appliances are used to optimize and
accelerate network traffic.
There can be implemented as TLS endpoints, so they have a secure vault
aimed to store private TLS certificates for servers.
The secure vault has FIPS mode support.

## Improper encryption implementation

The secure vault used on the Steelhead appliance (and potentially other…

Leave a Reply