CVE-2000-0275

CRYPTOCard CryptoAdmin for PalmOS - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2000-0275. PoCs published by kingpin.

AI-analyzed exploit summary The exploit describes a vulnerability in CRYPTOCard CRYPTOAdmin where a fixed 4-byte key generation value allows retrieval of PIN numbers from .pdb files, enabling token duplication and unauthorized network access.

Description

CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN.

Exploits (2)

exploitdb WRITEUP VERIFIED

by kingpin · textlocalwindows

https://www.exploit-db.com/exploits/19839

View Code ZIP pw:eip

The exploit describes a vulnerability in CRYPTOCard CRYPTOAdmin where a fixed 4-byte key generation value allows retrieval of PIN numbers from .pdb files, enabling token duplication and unauthorized network access.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: CRYPTOCard CRYPTOAdmin

No auth needed

Prerequisites: Access to the .pdb file

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by kingpin · clocallinux

https://www.exploit-db.com/exploits/19838

View Code ZIP pw:eip

This exploit decrypts the PIN from a CRYPTOCard .pdb file by brute-forcing a weak DES key derived from a fixed 4-byte value. It reads the ciphertext from the file and attempts decryption with incrementally generated keys until the correct PIN is found.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: CRYPTOCard CRYPTOAdmin (PT-1)

No auth needed

Prerequisites: Access to the victim's .pdb file

MITRE ATT&CK

T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2000-04/0033.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1097

Exploit, Vendor Advisory vendor-advisory x_refsource_l0pht

http://www.l0pht.com/advisories/cc-pinextract.txt

Scores

EPSS 0.0086

EPSS Percentile 53.7%

Details

Status published

Products (1)

cryptocard/cryptoadmin 4.1

Published Apr 10, 2000

Tracked Since Feb 18, 2026