Lucene search

[email protected]CVE-2001-0597

HistoryAug 02, 2001 - 4:00 a.m.

CVE-2001-0597

2001-08-0204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-0597

zetetic

strip 0.5

palmos

brute force attack

password security

sysrandom

timegetticks

7.3 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP’s use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password ‘search space’.

CPENameOperatorVersion
zetetic_enterprises:stripzetetic enterprises stripeq0.3
zetetic_enterprises:stripzetetic enterprises striple0.5
zetetic_enterprises:stripzetetic enterprises stripeq0.4

CPE	Name	Operator	Version
zetetic_enterprises:strip	zetetic enterprises strip	eq	0.3
zetetic_enterprises:strip	zetetic enterprises strip	le	0.5
zetetic_enterprises:strip	zetetic enterprises strip	eq	0.4

References

archives.neohapsis.com/archives/bugtraq/2001-04/0169.html

www.securityfocus.com/bid/2567

exchange.xforce.ibmcloud.com/vulnerabilities/6362

7.3 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON