Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen.
References
Link | Resource |
---|---|
http://jvn.jp/en/jp/JVN63940326/index.html | Third Party Advisory VDB Entry |
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000061 | Third Party Advisory VDB Entry |
http://www.sophos.com/en-us/support/knowledgebase/121066.aspx | Vendor Advisory |
http://www.securityfocus.com/bid/68169 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-06-25 04:19
Updated : 2019-09-27 10:36
NVD link : CVE-2014-2005
Mitre link : CVE-2014-2005
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
sophos
- enterprise_console