Vulnerability Details : CVE-2001-0597
Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.
Exploit prediction scoring system (EPSS) score for CVE-2001-0597
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ
CVSS scores for CVE-2001-0597
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
References for CVE-2001-0597
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/6362
-
http://archives.neohapsis.com/archives/bugtraq/2001-04/0169.html
Exploit;Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/2567
Exploit;Patch;Vendor Advisory
Products affected by CVE-2001-0597
- cpe:2.3:a:zetetic_enterprises:strip:*:*:*:*:*:*:*:*
- cpe:2.3:a:zetetic_enterprises:strip:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:zetetic_enterprises:strip:0.4:*:*:*:*:*:*:*