Vulnerability Name:

CVE-2000-1008 (CCN-5308)

Assigned:2000-09-26
Published:2000-09-26
Updated:2008-09-05
Summary:PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Thu Sep 28 2000 - 10:08:37 CDT
PalmOS password recovery

Source: MITRE
Type: CNA
CVE-2000-1008

Source: ATSTAKE
Type: Exploit, Patch, Vendor Advisory
A092600-1

Source: BID
Type: Exploit, Patch, Vendor Advisory
1715

Source: CCN
Type: BID-1715
Palm OS Weak Encryption Vulnerability

Source: XF
Type: UNKNOWN
palm-weak-encryption(5308)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:palm:palm_os:*:*:*:*:*:*:*:* (Version <= 3.5.2)

Configuration CCN 1:
  • cpe:/o:palm:palm_os:3.5.2:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2000-1008 (CCN-5806)

    Assigned:2000-09-26
    Published:2000-09-26
    Updated:2000-09-26
    Summary:Palm OS could allow an attacker to obtain the encoded password of the user that can easily be decoded. A weak encryption algorithm during the HotSync process could allow an attacker with physical access to the Palm device to obtain the encoded password and decrypt the password. This could allow an attacker to gain access to sensitive information.
    CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
    Exploitability Metrics:Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None
    CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
    Vulnerability Consequences:Obtain Information
    References:Source: MITRE
    Type: CNA
    CVE-2000-1008

    Source: CCN
    Type: BID-1715
    Palm OS Weak Encryption Vulnerability

    Source: CCN
    Type: @stake, Inc. Security Advisory A092600-1
    PalmOS Password Retrieval and Decoding

    Source: XF
    Type: UNKNOWN
    palmos-password-retrieval(5806)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:palm:palm_os:3.5.2:*:*:*:*:*:*:*

* Denotes that component is vulnerable