CVE-2000-1173
Published 2001-01-09
Priority: P4 · 15
CVSS 2.0: 5 (medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 1.57% (72.2th percentile)
Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsys | cyberpatrol | — | — |
| microsys | cyberpatrol | — | — |
No detection rules found.
Exploit-DB
Microsys CyberPatrol 4.0 4.003/4.0 4.005 - Insecure Registration
exploitdb·2000-11-22
CVE-2000-1173 Microsys CyberPatrol 4.0 4.003/4.0 4.005 - Insecure Registration
---
source: https://www.securityfocus.com/bid/1977/info
CyberPatrol is popular web access restriction software by Microsys.
A vulnerability exists in the way CyberPatrol submits registration information from its client software to Microsys' backend (cybercentral.microsys.com) that could allow a remote attacker to gather confidential information including credit card details.
The client software claims that all information, including credit card details, is "scrambled" before being sent to Microsys' backend. Installation of a sniffer has shown that all information with the exception of the credit card number is actually sent in clear text to Microsys. A remote attacker could place a sniffer upstream from the sending client
Exploit-DB
FreeBSD 3.4/4.0/5.0 / NetBSD 1.4 - Unaligned IP Option Denial of Service
exploitdb·2000-05-04
CVE-2000-0440 FreeBSD 3.4/4.0/5.0 / NetBSD 1.4 - Unaligned IP Option Denial of Service
---
// source: https://www.securityfocus.com/bid/1173/info
A vulnerability exists in the 1.4.x NetBSD kernel that may allow remote attackers to cause the machine to kernel panic on certain architectures. By sending a packet to a machine running the Alpha or SPARC versions of NetBSD, with an unaligned IP timestamp option, it is possible to cause the kernel to perform an unaligned memory access. This will cause a panic, causing the machine to reboot.
x86 and arm32 platforms have a similar bug. However, as both of these architectures can perform unaligned memory accesses, this vulnerability does not cause them to panic.
It was later determined that FreeBSD, a 4.xBSD derivative like NetBSD, is also vulnerable to this
No writeups or analysis indexed.
2001-01-09
Published