CVE-2001-0597

Zetetic STRIP <0.5 - Info Disclosure


Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0597. PoCs published by Thomas Roessler.

AI-analyzed exploit summary: This exploit demonstrates a weakness in the pseudo-random number generation of Strip (a PalmOS password generator), allowing brute-force guessing of passwords due to a limited 16-bit seed space. The code implements the flawed PRNG and iterates through all possible seeds to generate and test potential passwords.

Description

Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Thomas Roessler · c · local · palm_os
https://www.exploit-db.com/exploits/20746

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Strip (Secure Tool for Recalling Important Passwords) for PalmOS
No auth needed
Prerequisites: Access to an encrypted password generated by Strip
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2567
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-04/0169.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6362

Scores

EPSS 0.0107
EPSS Percentile 60.6%

Details

Status published
Products (3)
zetetic_enterprises/strip 0.3
zetetic_enterprises/strip 0.4
zetetic_enterprises/strip < 0.5
Published Aug 02, 2001
Tracked Since Feb 18, 2026