Vulnerability Description
Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zetetic Enterprises | Strip | <= 0.5 |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-04/0169.html (Exploit, Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/2567 (Exploit, Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6362
FAQ
What is CVE-2001-0597?
CVE-2001-0597 is a vulnerability with a CVSS score of 7.2 (HIGH). Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STR...
How severe is CVE-2001-0597?
CVE-2001-0597 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2001-0597?
Check the references section above for vendor advisories and patch information. Affected products include: Zetetic Enterprises Strip.