Grand Idea Studio

SafeWord e.iD Palm Authenticator PIN Extraction

 

Secure Computing’s SafeWord is a user authentication and access control suite which uses various hardware and software token devices for the creation of dynamic, one-time passwords. The e.iD Palm Authenticator, which runs on a Palm handheld device, generates the one-time-password response. A Palm OS .PDB file is created for each user and loaded onto their Palm device. By gaining access to the .PDB file, the legitimate user’s PIN can be determined within hours through a series of DES encrypt-and-compares.

Application: Secure Computing SafeWord 5.1.1 with e.iD Palm Authenticator v2.0
Platforms: Server software on any environment and token software on any Palm OS device
Severity: An attacker can clone the one-time-password response scheme of the legitimate user.

Security Advisory: SafeWord e.iD Palm Authenticator PIN Extraction

e.iD Extract is a PIN extraction tool for Secure Computing’s Safeword e.iD Palm soft-token. Requires the Palm OS .PDB token file from the e.iD Authenticator Palm application.

Platforms: Win 95/98/NT/2K

Tool: e.iD Extract

Originally published as an @stake Security Advisory.

Press

MacroFab Engineering Podcast

Joe Grand: The Origin Story

Atari 2600 Game By Game Podcast

SCSIcide/Ultra SCSIcide with Joe ...

Hacker Warehouse TV

Hardware Hacking - Joe Grand ...