Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-04-05T17:00:00
Updated: 2024-08-05T07:17:51.829Z
Reserved: 2018-04-03T00:00:00
Link: CVE-2018-9233
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-04-05T17:29:00.363
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-9233
Redhat
No data.