Bugtraq mailing list archives
R: @stake Advisory: PalmOS Password Retrieval and Decoding (A092600- 1)
From: Raistlin <raistlin () EDISONS IT>
Date: Wed, 20 Dec 2000 21:14:20 +0100
> It is possible to obtain an encoded form of the password, determine the actual password due to a weak, reversible encoding scheme, and access a user's private data. In order for this attack to be successful, the attacker must have physical access to the target Palm device.
If you do have access to a Palm Pilot and a HotSync cradle, as you need for this "exploit" to work, there is no need whatsoever to retrieve the user's password to see his data. What you need to do is explained in big bold letters in the Palm user's manual:

1) HotSync
2) Hard Reset (press and hold power button while hitting reset button, until the Palm logo pops up, and then hit "down" key)
3) Switch the HotSync setting to "Desktop Overwrites Handheld"
4) HotSync

Et voilà, you got rid of the password, and you have full access to the hidden records.

Your advisory is completely true where you say that handheld PCs lack security. But there is no need to "exploit" them. They come exploited by default.

Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys