Vulnerabilities > CVE-2000-1008 - Unspecified vulnerability in Palm OS

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

palm

exploit available

NVD

Published: 2000-12-11

Updated: 2008-09-05

Summary

PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device.

Vulnerable Configurations

Part	Description	Count
OS	Palm Palm Palm OS *	1

Exploit-Db

description	Palm OS 3.5.2 Weak Encryption Vulnerability. CVE-2000-1008. Local exploit for palm_os platform
id	EDB-ID:20241
last seen	2016-02-02
modified	2000-09-26
published	2000-09-26
reporter	@stake
source	https://www.exploit-db.com/download/20241/
title	Palm OS 3.5.2 Weak Encryption Vulnerability

References

http://www.atstake.com/research/advisories/2000/a092600-1.txt
http://www.securityfocus.com/bid/1715