Zetetic Secure Tool for Recalling Important Passwords ...
High severity
Unreviewed
Published
Apr 30, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Description
Published by the National Vulnerability Database
Aug 2, 2001
Published to the GitHub Advisory Database
Apr 30, 2022
Last updated
Jan 30, 2023
Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.
References