CVE-2000-0275
published 2000-04-10CVE-2000-0275: CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid…
PriorityP411low2.1CVSS 2.0
AVLACLAuNCPINAN
EXPLOIT
EPSS
0.85%
53.7th percentile
CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cryptocard | cryptoadmin | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
CRYPTOCard CRYPTOAdmin 4.1 on PalmOS PIN improper authentication (EDB-19838 / BID-1097)
vuldb·2026-04-21·CVSS 2.1
CVE-2000-0275 [LOW] CRYPTOCard CRYPTOAdmin 4.1 on PalmOS PIN improper authentication (EDB-19838 / BID-1097)
A vulnerability was found in CRYPTOCard CRYPTOAdmin 4.1 on PalmOS. It has been declared as problematic. Affected by this issue is some unknown functionality of the component PIN Handler. Such manipulation leads to improper authentication.
This vulnerability is traded as CVE-2000-0275. An attack has to be approached locally. Furthermore, there is an exploit available.
GHSA
GHSA-j3qx-3h5c-5hvp: CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the
ghsa_unreviewed·2022-04-30
CVE-2000-0275 [LOW] GHSA-j3qx-3h5c-5hvp: CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the
CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN.
No detection rules found.
Exploit-DB
CRYPTOCard CRYPTOAdmin 4.1 - Weak Encryption (2)
exploitdb·2000-04-10
CVE-2000-0275 CRYPTOCard CRYPTOAdmin 4.1 - Weak Encryption (2)
CRYPTOCard CRYPTOAdmin 4.1 - Weak Encryption (2)
---
source: https://www.securityfocus.com/bid/1097/info
CRYPTOCard CRYPTOAdmin is a network authentication application for use with the Palm OS platform. CRYPTOAdmin generates a .pdb file which contains the username, PIN number, serial number, and key in encrypted or plaintext format. The PIN number can be retrieved due to the software's usage of a fixed 4-byte value in key generation. With access to the .pdb file and PIN number, a user is capable of duplicating the token onto another Palm device effectively gaining access to the network as the compromised user.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19839.zip
Exploit-DB
CRYPTOCard CRYPTOAdmin 4.1 - Weak Encryption (1)
exploitdb·2000-04-10
CVE-2000-0275 CRYPTOCard CRYPTOAdmin 4.1 - Weak Encryption (1)
CRYPTOCard CRYPTOAdmin 4.1 - Weak Encryption (1)
---
// source: https://www.securityfocus.com/bid/1097/info
CRYPTOCard CRYPTOAdmin is a network authentication application for use with the Palm OS platform. CRYPTOAdmin generates a .pdb file which contains the username, PIN number, serial number, and key in encrypted or plaintext format. The PIN number can be retrieved due to the software's usage of a fixed 4-byte value in key generation. With access to the .pdb file and PIN number, a user is capable of duplicating the token onto another Palm device effectively gaining access to the network as the compromised user.
#include
#include
int main(int argc, char **argv)
{
des_cblock in,out,key,valid = {0x63, 0x6A, 0x2A, 0x3F,
0x25, 0x6D, 0x67, 0x6C};
des_key_schedule sched;
unsigned long mass
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2000-04/0033.htmlhttp://www.l0pht.com/advisories/cc-pinextract.txthttp://www.securityfocus.com/bid/1097http://archives.neohapsis.com/archives/bugtraq/2000-04/0033.htmlhttp://www.l0pht.com/advisories/cc-pinextract.txthttp://www.securityfocus.com/bid/1097
2000-04-10
Published