PT-2012-2095 · Sophos · Sophos Safeguard Easy Device Encryption Client (and 2 other products)

Published: 2012-08-24 · Updated: 2012-08-24 · CVE-2011-5117

CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Sophos SafeGuard Enterprise Device Encryption versions 5.x through 5.50.8.13
Sophos SafeGuard Easy Device Encryption Client version 5.50.x
Sophos Disk Encryption version 5.50.x

Description

The affected products delay the removal of out-of-date and invalid credentials. Physically proximate attackers who know these credentials can exploit the delay to defeat the full-disk encryption feature.

Recommendations

For Sophos SafeGuard Enterprise Device Encryption versions 5.x through 5.50.8.13, update to a version later than 5.50.8.13 to ensure timely removal of out-of-date and invalid credentials.
For Sophos SafeGuard Easy Device Encryption Client version 5.50.x, consider manually removing out-of-date and invalid credentials to mitigate the risk until a newer version is available.
For Sophos Disk Encryption version 5.50.x, restrict access to sensitive data until an update that addresses the credential removal delay is applied.

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2011-5117

Affected Products

Sophos Disk Encryption
Sophos Safeguard Easy Device Encryption Client
Sophos Safeguard Enterprise Device Encryption