Vendor: CRYPTOAdmin
By: SecurityFocus
CVSS: 7.5 (HIGH)
PIN Retrieval Vulnerability
CWE: 255
Product Name: CRYPTOAdmin
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Palm OS
2002

CRYPTOCard CRYPTOAdmin PIN Retrieval Vulnerability

CRYPTOCard CRYPTOAdmin is a network authentication application for use with the Palm OS platform. CRYPTOAdmin generates a .pdb file that contains the username, PIN, serial number, and key in encrypted or plaintext format. The PIN can be retrieved because the software uses a fixed 4-byte value in key generation. With access to the .pdb file and the PIN, a user can duplicate the token onto another Palm device, effectively gaining access to the network as the compromised user.

Mitigation:

Upgrade to the latest version of CRYPTOCard CRYPTOAdmin.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1097/info
 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19839.zip