REX 6000 MicroPDA transmits plaintext password information
| rex6000-pda-password-retrieval (7584) |  Low Risk |
Description:
The Xircom (Intel) REX 6000 Personal Digital Assistant (PDA) could allow a local attacker to obtain the ten digit Personal Identification Number (PIN) used for authentication. If the Rextools management utility is used to manage content in the PDA, the PIN is transmitted in plain text from the REX 6000 PDA to the system running Rextools. A local attacker using a serial monitor could connect to the PDA using Rextools to obtain the PIN and gain unauthorized access to the REX 6000 PDA.
Consequences:
Obtain Information
Remedy:
No remedy available as of July 9, 2011.
References:
- BugTraq Mailing List, Fri Nov 23 2001 - 07:38:24 CST: Xircom REX6000 PDA Password Retrieval.
- REX6000.org Web site: Welcome to the REX 6000 Help page.
- BID-3574: Xircom Rex 6000 Password Retrieval Vulnerability
- CVE-2001-1520: Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN.
Platforms Affected:
- Intel Xircom REX 6000
Reported:
Nov 23, 2001
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net