Lucene search
K

4 matches found

exploitpack
exploitpack
added 2018/04/06 12:0 a.m.41 views

Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption

Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-CONTROL-PANEL-v10.7-INSECURE-CRYPTO-CVE-2018-9233.txt + ISR: Apparition...

2.1CVSS7.7AI score0.01744EPSS
Exploits5
OSV
OSV
added 2018/04/05 5:29 p.m.6 views

CVE-2018-9233

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other...

7.8CVSS5.8AI score0.01744EPSS
Exploits5References3
CVE
CVE
added 2018/04/05 5:0 p.m.61 views

CVE-2018-9233

Sophos Endpoint Protection – Control Panel v10.7 on Windows/macOS is affected by CVE-2018-9233 due to unsalted SHA-1 password storage in machine.xml. The root cause is weak cryptography used for credentials, enabling attackers with local access to recover plaintext passwords (e.g., via rainbow ta...

7.8CVSS7.5AI score0.01744EPSS
Exploits5References3Affected Software1
Packet Storm
Packet Storm
added 2018/04/04 12:0 a.m.47 views

Sophos Endpoint Protection 10.7 Insecure Cryptography

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-CONTROL-PANEL-v10.7-INSECURE-CRYPTO-CVE-2018-9233.txt + ISR: Apparition Security Vendor: ========== www.sophos.com Product: =========== Sophos...

7.6AI score0.01744EPSS
Exploits5
Rows per page
Query Builder