Lucene search
MitreCVE-2001-0597HistoryAug 02, 2001 - 4:00 a.m.
CVE-2001-0597
2001-08-0204:00:00
mitre
web.nvd.nist.gov
34
cve-2001-0597
zetetic
strip 0.5
palmos
brute force attack
password security
sysrandom
timegetticks
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.8
Confidence
High
EPSS
0
Percentile
0.4%
Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP’s use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password ‘search space’.
Affected configurations
Node
zetetic_enterprisesstripRange≤0.5
ORzetetic_enterprisesstripMatch0.3
ORzetetic_enterprisesstripMatch0.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zetetic_enterprises | strip | * | cpe:2.3:a:zetetic_enterprises:strip:*:*:*:*:*:*:*:* |
| zetetic_enterprises | strip | 0.3 | cpe:2.3:a:zetetic_enterprises:strip:0.3:*:*:*:*:*:*:* |
| zetetic_enterprises | strip | 0.4 | cpe:2.3:a:zetetic_enterprises:strip:0.4:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
Strip Password Generator 0.3/0.4/0.5 - Limited Password-Space
2001-04-10 00:00:00
cvelist
cvelist
CVE-2001-0597
2001-07-27 04:00:00
nvd
nvd
CVE-2001-0597
2001-08-02 04:00:00
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.8
Confidence
High
EPSS
0
Percentile
0.4%
Related for CVE-2001-0597