CVE-2002-0486

Intellisol Xpede 4.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0486. PoCs published by c3rb3r.

AI-analyzed exploit summary This Perl script decodes weakly encrypted Xpede authentication cookies to extract plaintext credentials. It searches for cookie files, identifies Xpede-specific signatures, and reverses the obfuscation using a known permutation and shifting algorithm.

Description

Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED

by c3rb3r · perllocalwindows

https://www.exploit-db.com/exploits/21351

View Code ZIP pw:eip

This Perl script decodes weakly encrypted Xpede authentication cookies to extract plaintext credentials. It searches for cookie files, identifies Xpede-specific signatures, and reverses the obfuscation using a known permutation and shifting algorithm.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Xpede (version unspecified, likely pre-2002)

No auth needed

Prerequisites: Access to local or stolen cookie files from a system where Xpede was used

MITRE ATT&CK

T1552 - Unsecured Credentials T1539 - Steal Web Session Cookie

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/263485

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/8614

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/4344

Scores

EPSS 0.0079

EPSS Percentile 51.6%

Details

Status published

Products (2)

workforceroi/xpede 4.1

workforceroi/xpede 7.0

Published Aug 12, 2002

Tracked Since Feb 18, 2026