Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0559 — Etrust Intrusion Detection vulnerability

4 documents4 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 68.99%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Etrust Intrusion Detection

Timeline

PublishedJun 7

Latest updateApr 30

Description

eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDbroadcom/etrust_intrusion_detection1.4.1.13

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mfrx-mc2c-9g9w: eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows↗2022-04-30

▶

CVEList

CVE-2000-0559: eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows↗2000-07-12

▶

💥Exploits & PoCs

Exploit-DB

Computer Associates eTrust Intrusion Detection 1.4.1.13 - Weak Encryption↗2000-06-07

▶