Vulnerability: Password Recovery via Brute Force Attack in STRIP 0.5 and Earlier

Vulnerability: Password Recovery via Brute Force Attack in STRIP 0.5 and Earlier

CVE-2001-0597 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.

Learn more about our Web Application Penetration Testing UK.