CVE-2002-2162

Cerulean Studios Trillian <0.73 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2162. PoCs published by Coeus Group.

AI-analyzed exploit summary This exploit decrypts Trillian's weakly encrypted saved passwords by leveraging a static XOR key. It extracts usernames and passwords from INI files and decrypts them using the hardcoded key.

Description

Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Coeus Group · clocalwindows

https://www.exploit-db.com/exploits/21781

View Code ZIP pw:eip

This exploit decrypts Trillian's weakly encrypted saved passwords by leveraging a static XOR key. It extracts usernames and passwords from INI files and decrypts them using the hardcoded key.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Trillian 0.73

No auth needed

Prerequisites: Local access to Trillian INI files

MITRE ATT&CK

T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/10092.php

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5677

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/291071

Scores

EPSS 0.0076

EPSS Percentile 50.7%

Details

Status published

Products (3)

cerulean_studios/trillian 0.73

cerulean_studios/trillian 0.725

cerulean_studios/trillian 0.6351

Published Dec 31, 2002

Tracked Since Feb 18, 2026