Secure Computing's SafeWord is a user authentication and access control suite which uses various hardware and software token devices for the creation of dynamic, one-time passwords. The e.iD Palm Authenticator, which runs on a Palm handheld device, generates the one-time-password response. A Palm OS .PDB file is created for each user and loaded onto their Palm device. By gaining access to the .PDB file, the legitimate user's PIN can be determined within hours through a series of DES encrypt-and-compares.
Application: Secure Computing SafeWord 5.1.1 with e.iD Palm Authenticator v2.0
Platforms: Server software on any environment and token software on any Palm OS device
Severity: An attacker can clone the one-time-password response scheme of the legitimate user.
Security Advisory: SafeWord e.iD Palm Authenticator PIN Extraction
e.iD Extract is a PIN extraction tool for Secure Computing's SafeWord e.iD Palm soft-token. It requires the Palm OS .PDB token file from the e.iD Authenticator Palm application.
Platforms: Win 95/98/NT/2K
Originally published as an @stake Security Advisory.