CVE-2000-0625

NetZero < 3.0 - Weak Encryption of User Login Information

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0625.

AI-analyzed exploit summary This exploit decrypts weakly encrypted NetZero credentials stored in 'jnetz.prop' by reversing a substitution cipher. It reads the encrypted password and user ID, then applies a predefined decryption table to recover the plaintext password.

Description

NetZero 3.0 and earlier uses weak encryption for storing a user's login information, which allows a local user to decrypt the password.

Exploits (1)

exploitdb WORKING POC

clocalwindows

https://www.exploit-db.com/exploits/20081

View Code ZIP pw:eip

This exploit decrypts weakly encrypted NetZero credentials stored in 'jnetz.prop' by reversing a substitution cipher. It reads the encrypted password and user ID, then applies a predefined decryption table to recover the plaintext password.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: NetZero ZeroPort (version not specified)

No auth needed

Prerequisites: Access to the 'jnetz.prop' file on the target system

MITRE ATT&CK

T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory vendor-advisory x_refsource_l0pht

http://www.l0pht.com/advisories/netzero.txt

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1483

Scores

EPSS 0.0020

EPSS Percentile 42.7%

Details

Status published

Products (1)

netzero/zeroport < 3.0

Published Jul 18, 2000

Tracked Since Feb 18, 2026