CVE-2002-1975
MEDIUMSharp Zaurus SL-5000D and SL-5500 Firmware - Inadequate Encryption Strength in Password Storage
Title source: llmDescription
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.
References (3)
Core 3
Core References
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/281437
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5201
Broken Link vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9535.php
Scores
CVSS v3
5.5
EPSS
0.0024
EPSS Percentile
14.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-326
Status
published
Products (2)
sharp/zaurus_sl-5000d_firmware
sharp/zaurus_sl-5500_firmware
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026