Vulnerability Details : CVE-2002-1975
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.
Exploit prediction scoring system (EPSS) score for CVE-2002-1975
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-1975
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2002-1975
-
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.Assigned by: nvd@nist.gov (Primary)
References for CVE-2002-1975
-
http://www.iss.net/security_center/static/9535.php
Broken Link
-
http://online.securityfocus.com/archive/1/281437
Broken Link;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/5201
Broken Link;Third Party Advisory;VDB Entry
Products affected by CVE-2002-1975
- cpe:2.3:o:sharp:zaurus_sl-5000d_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:sharp:zaurus_sl-5500_firmware:-:*:*:*:*:*:*:*