CVE-2000-0572
published 2000-07-05CVE-2000-0572: The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges.
PriorityP416medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
0.52%
40.4th percentile
The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| visible_systems | razor | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Visible Systems Razor 4.1 - Password File (1)
exploitdb·2000-06-16
CVE-2000-0572 Visible Systems Razor 4.1 - Password File (1)
Visible Systems Razor 4.1 - Password File (1)
---
// source: https://www.securityfocus.com/bid/1424/info
The Razor Configuration Management program stores passwords in an insecure manner.
A local attacker can obtain the Razor passwords, and either seize control of the software and relevant databases or use those passwords to access other users' accounts on the network.
#include
#include
#include
#include
/************************************************************
dumprazorpasswd -
dumprazorpasswd
- prompts for input hex string to decode
dumprazorpasswd
- prints the users and passwords in
dumprazorpasswd
- encrypts and prints it in hex
16-jun-2000 pbw.
************************************************************/
#define ASCII2BIN(c) ( isdigit(c) ? c - '0' : toupper(c) - '7' )
Exploit-DB
Visible Systems Razor 4.1 - Password File (2)
exploitdb·2000-06-15
CVE-2000-0572 Visible Systems Razor 4.1 - Password File (2)
Visible Systems Razor 4.1 - Password File (2)
---
source: https://www.securityfocus.com/bid/1424/info
The Razor Configuration Management program stores passwords in an insecure manner.
A local attacker can obtain the Razor passwords, and either seize control of the software and relevant databases or use those passwords to access other users' accounts on the network.
#!/usr/local/bin/perl
#
# Title: passwd_rz.pl
# Author: Shawn A. Clifford
# Date: 2000-June-15
# Purpose: Encrypt/decrypt Visible Systems Corp.' Razor passwords
# Usage: passwd_rz.pl [ hex_hash | password_file_name ]
#
# When run without arguments, this program will prompt for
# a plaintext password and produce the ciphertext that Razor
# would create for the same string.
# Eg.: ./passwd_rz.pl
#
# Enter a password, max 8
No writeups or analysis indexed.
http://www.securityfocus.com/bid/1424http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=613309F30B6DD2118C020000F809376C05CABD49%40emss03m09.orl.lmco.comhttp://www.securityfocus.com/bid/1424http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=613309F30B6DD2118C020000F809376C05CABD49%40emss03m09.orl.lmco.com
2000-07-05
Published