← back
CVE-2001-0597

CVE-2001-0597

EPSS 1.1%
Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/20746unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://archives.neohapsis.com/archives/bugtraq/2001-04/0169.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/6362http://www.securityfocus.com/bid/2567