CVE-2000-0492
Published 2000-06-04

CVE-2000-0492: PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, which allows an attacker who can read the password file to easily decrypt the passwords.
Priority: P4 17, medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.19% (64.1th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| passwd | passwd | — | — |
No detection rules found.
Exploit-DB
Snitz Forums 2000 3.4.03 - 'search.asp' Cross-Site Scripting
exploitdb·2003-06-16
CVE-2003-0492 Snitz Forums 2000 3.4.03 - 'search.asp' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/7922/info
Snitz Forums is prone to cross-site scripting attacks. This is due to insufficient sanitization of data passed to the search facility via URI parameters.
Exploitation may allow theft of cookie-based authentication credentials or other attacks.
This issue was reported in Snitz Forums 3.4.0.3; other versions might also be affected.
http://www.example.com/search.asp?Search="> alert()
Exploit-DB
PassWD 1.2 - Weak Encryption
exploitdb·2000-06-04
CVE-2000-0492 PassWD 1.2 - Weak Encryption
---
// source: https://www.securityfocus.com/bid/1300/info
PassWD 1.2 is a password management utility designed to store user login information for various URLs. The login information, which includes username, password, and link location, is stored in the pass.dat file, which resides in the PassWD directory. The information is encrypted with a weak encoding algorithm and includes the key, which can be used to decode any stored password.
/*
* Decoder for PassWD v1.2 `pass.dat' password files
*
* Written 2000 by Daniel Roethlisberger
*
* This code is hereby placed in the public domain.
* Use this code at your own risk for whatever you want.
*
* The decoded data is not parsed in any way - it should
* be very easy to moderately experienced programmers
* to add that
No writeups or analysis indexed.
Published: 2000-06-04