CVE-2002-1975

MEDIUM

Sharp Zaurus Sl-5000d Firmware - Weak Encryption

Title source: rule

Description

Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.

References (3)

[Broken Link, Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/281437

[Broken Link] http://www.iss.net/security_center/static/9535.php

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/5201

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 19.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-326

Status draft

Affected Products (2)

sharp/zaurus_sl-5000d_firmware

sharp/zaurus_sl-5500_firmware

Timeline

Published Dec 31, 2002

Tracked Since Feb 18, 2026