{"api_version":"1","generated_at":"2026-05-10T08:14:45+00:00","cve":"CVE-2000-1008","urls":{"html":"https://cve.report/CVE-2000-1008","api":"https://cve.report/api/cve/CVE-2000-1008.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2000-1008","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2000-1008"},"summary":{"title":"CVE-2000-1008","description":"PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device.","state":"PUBLISHED","assigner":"mitre","published_at":"2000-12-11 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.6","severity":"","vector":"AV:L/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.atstake.com/research/advisories/2000/a092600-1.txt","name":"http://www.atstake.com/research/advisories/2000/a092600-1.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/1715","name":"http://www.securityfocus.com/bid/1715","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"],"title":"Palm OS Weak Encryption Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2000-1008","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2000-1008","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2000","cve_id":"1008","vulnerable":"1","versionEndIncluding":"3.5.2","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"palm","cpe5":"palm_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T05:37:32.199Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1715","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/1715"},{"name":"A092600-1","tags":["vendor-advisory","x_refsource_ATSTAKE","x_transferred"],"url":"http://www.atstake.com/research/advisories/2000/a092600-1.txt"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2000-09-26T00:00:00.000Z","descriptions":[{"lang":"en","value":"PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2003-05-08T09:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"1715","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/1715"},{"name":"A092600-1","tags":["vendor-advisory","x_refsource_ATSTAKE"],"url":"http://www.atstake.com/research/advisories/2000/a092600-1.txt"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2000-1008","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1715","refsource":"BID","url":"http://www.securityfocus.com/bid/1715"},{"name":"A092600-1","refsource":"ATSTAKE","url":"http://www.atstake.com/research/advisories/2000/a092600-1.txt"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2000-1008","datePublished":"2000-11-29T05:00:00.000Z","dateReserved":"2000-11-24T00:00:00.000Z","dateUpdated":"2024-08-08T05:37:32.199Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2000-12-11 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":true,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:palm:palm_os:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5.2","matchCriteriaId":"189F51EC-95A6-499A-8F51-39F67B49C7C2"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2000","CveId":"1008","Ordinal":"1","Title":"CVE-2000-1008","CVE":"CVE-2000-1008","Year":"2000"},"notes":[{"CveYear":"2000","CveId":"1008","Ordinal":"1","NoteData":"PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device.","Type":"Description","Title":"CVE-2000-1008"},{"CveYear":"2000","CveId":"1008","Ordinal":"2","NoteData":"2000-11-29","Type":"Other","Title":"Published"},{"CveYear":"2000","CveId":"1008","Ordinal":"3","NoteData":"2003-05-08","Type":"Other","Title":"Modified"}]}}}