Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.2
CVE Id: CVE-2001-0597
Last Modified: 05 Sep 2008 04:24:29
Published: 02 Aug 2001 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2001-0597

Summary

Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.

Vulnerable Systems

Application

  • Zetetic Enterprises Strip 0.3

  • Zetetic Enterprises Strip 0.4

  • Zetetic Enterprises Strip 0.5


References

XF - strip-weak-passwords(6362)

BID - 2567

BUGTRAQ - 20010410 Catastrophic failure of Strip password generation.


Last Updated: 27 May 2016 10:36:20