Описание
Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.
Ссылки
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.5 (включая)
Одно из
cpe:2.3:a:zetetic_enterprises:strip:*:*:*:*:*:*:*:*
cpe:2.3:a:zetetic_enterprises:strip:0.3:*:*:*:*:*:*:*
cpe:2.3:a:zetetic_enterprises:strip:0.4:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00323
Низкий
7.2 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.
EPSS
Процентиль: 55%
0.00323
Низкий
7.2 High
CVSS2
Дефекты
NVD-CWE-Other