- Description
- Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zetetic_enterprises:strip:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F276858-9B45-4DEE-8C00-08A5EDC33B54",
"versionEndIncluding": "0.5"
},
{
"criteria": "cpe:2.3:a:zetetic_enterprises:strip:0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75C0B4C4-67EA-455D-B60E-8C696F1B95F7"
},
{
"criteria": "cpe:2.3:a:zetetic_enterprises:strip:0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "852AD6E7-AD9A-4744-A5F7-73C15F8F3467"
}
],
"operator": "OR"
}
]
}
]