CVE-2000-0492

PassWD 1.2 - Weak Password Encryption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0492. PoCs published by Daniel Roethlisberger.

AI-analyzed exploit summary This exploit decodes passwords stored by PassWd 1.2 by reversing its weak encoding algorithm. It reads the encoded key from the 'pass.dat' file and decrypts the stored credentials.

Description

PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, which allows an attacker who can read the password file to easliy decrypt the passwords.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Daniel Roethlisberger · clocalwindows

https://www.exploit-db.com/exploits/19989

View Code ZIP pw:eip

This exploit decodes passwords stored by PassWd 1.2 by reversing its weak encoding algorithm. It reads the encoded key from the 'pass.dat' file and decrypts the stored credentials.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: PassWd 1.2

No auth needed

Prerequisites: Access to the 'pass.dat' file

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1300

Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2000-05/0450.html

Scores

EPSS 0.0119

EPSS Percentile 63.9%

Details

Status published

Products (1)

passwd/passwd 1.2

Published Jun 04, 2000

Tracked Since Feb 18, 2026