CVE-2018-9233 (endpoint_protection)
-
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9233
© Lightnetics 2024