Vulnerability CVE-2011-5117


Published: 2012-08-24

Description:
Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials.

Type:

CWE-362

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.9/10
10/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Sophos -> Disk encryption 
Sophos -> Safeguard easy device encryption client 
Sophos -> Safeguard enterprise device encryption 

 References:
http://www.sophos.com/en-us/support/knowledgebase/112655.aspx

Copyright 2022, cxsecurity.com

 

Back to Top