Palm Debugger Password Bypass Vulnerability
BID:2429
Info
Palm Debugger Password Bypass Vulnerability
| Bugtraq ID: | 2429 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 01 2001 12:00AM |
| Updated: | Mar 01 2001 12:00AM |
| Credit: | Reported to bugtraq by Kingpin <[email protected]> on March 1, 2001. |
| Vulnerable: |
Palm Palm OS 3.5.2 Palm Palm OS 3.3 |
| Not Vulnerable: | |
Discussion
Palm Debugger Password Bypass Vulnerability
The Palm OS provides password protection, allowing the device's owner to restrict access to sensitive data on the unit.
An inbuilt Palm OS debugging mode, accessible from the Graffiti stylus interface, allows any user with physical access to the PDA to bypass the unit's password protection.
The debugger mode allows the manipulation of records, applications and system password information, includng retrieval of the system password (in an encrypted form) and importing and exporting databases and applications.
The Palm OS provides password protection, allowing the device's owner to restrict access to sensitive data on the unit.
An inbuilt Palm OS debugging mode, accessible from the Graffiti stylus interface, allows any user with physical access to the PDA to bypass the unit's password protection.
The debugger mode allows the manipulation of records, applications and system password information, includng retrieval of the system password (in an encrypted form) and importing and exporting databases and applications.
Exploit / POC
Palm Debugger Password Bypass Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.