4 matches found
Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption
Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-CONTROL-PANEL-v10.7-INSECURE-CRYPTO-CVE-2018-9233.txt + ISR: Apparition...
CVE-2018-9233
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other...
CVE-2018-9233
Sophos Endpoint Protection – Control Panel v10.7 on Windows/macOS is affected by CVE-2018-9233 due to unsalted SHA-1 password storage in machine.xml. The root cause is weak cryptography used for credentials, enabling attackers with local access to recover plaintext passwords (e.g., via rainbow ta...
Sophos Endpoint Protection 10.7 Insecure Cryptography
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-CONTROL-PANEL-v10.7-INSECURE-CRYPTO-CVE-2018-9233.txt + ISR: Apparition Security Vendor: ========== www.sophos.com Product: =========== Sophos...