CVE-2000-0572

Razor - Weak Password Encryption

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2000-0572. PoCs published by pbw, Shawn A. Clifford.

AI-analyzed exploit summary This exploit demonstrates how the Razor Configuration Management program stores passwords insecurely, allowing a local attacker to decode and retrieve plaintext passwords from the system. The code includes functions to decrypt stored passwords or encrypt new ones using a simple rotation cipher.

Description

The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges.

Exploits (2)

exploitdb WORKING POC VERIFIED

by pbw · clocalunix

https://www.exploit-db.com/exploits/20056

View Code ZIP pw:eip

This exploit demonstrates how the Razor Configuration Management program stores passwords insecurely, allowing a local attacker to decode and retrieve plaintext passwords from the system. The code includes functions to decrypt stored passwords or encrypt new ones using a simple rotation cipher.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Razor Configuration Management (version not specified)

No auth needed

Prerequisites: Local access to the system where Razor is installed · Access to the Razor password file

MITRE ATT&CK

T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Shawn A. Clifford · perllocalunix

https://www.exploit-db.com/exploits/20058

View Code ZIP pw:eip

This Perl script decrypts and encrypts passwords stored by the Razor Configuration Management program, which uses a weak cipher (bit rotation). It can process a password file to reveal plaintext credentials or generate ciphertext from plaintext.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Visible Systems Corp. Razor Configuration Management

No auth needed

Prerequisites: Local access to the Razor password file (rz_passwd) or a hex-encoded password hash

MITRE ATT&CK

T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1424

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=613309F30B6DD2118C020000F809376C05CABD49%40emss03m09.orl.lmco.com

Scores

EPSS 0.0052

EPSS Percentile 40.4%

Details

Status published

Products (1)

visible_systems/razor 4.1

Published Jul 05, 2000

Tracked Since Feb 18, 2026