漏洞标题
N/A
漏洞描述信息
Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x 在删除(1)过时的用户名和(2)无效用户名之前会延迟一段时间。这允许距离较远的物理攻击者利用这些用户名的知识来绕过全磁盘加密功能。
CVSS信息
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Sophos SafeGuard 竞争条件漏洞
漏洞描述信息
Sophos SafeGuard Enterprise Device Encryption 5.x版本至5.50.8.13版本、Sophos SafeGuard Easy Device Encryption Client 5.50.x版本、Sophos Disk Encryption 5.50.x版本中存在漏洞,该漏洞源于删除(1)过期的凭证和(2)无效的凭证之前有延迟。相邻攻击者可利用这些凭证的知识破解所有磁盘加密功能。
CVSS信息
N/A
漏洞类别
授权问题