CVE-2001-0597

Zetetic STRIP <0.5 - Info Disclosure

Title source: llm

Description

Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Thomas Roessler · clocalpalm_os

https://www.exploit-db.com/exploits/20746

View Code ZIP pw:eip

References (3)

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/2567

[Exploit, Patch, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2001-04/0169.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/6362

Scores

EPSS 0.0032

EPSS Percentile 55.3%

Details

Status published

Products (3)

zetetic_enterprises/strip 0.3

zetetic_enterprises/strip 0.4

zetetic_enterprises/strip < 0.5

Published Aug 02, 2001

Tracked Since Feb 18, 2026