PT-2014-4426 · Sophos · Sophos Enterprise Console+1

Published

2014-06-25

Updated

2019-09-27

CVE-2014-2005

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Sophos Disk Encryption (SDE) versions 5.x Sophos Enterprise Console (SEC) versions 5.x through 5.2.1

Description The issue concerns a lack of enforcement of intended authentication requirements when resuming from sleep mode. This allows physically proximate attackers to gain desktop access without encountering a login screen.

Recommendations For Sophos Disk Encryption (SDE) versions 5.x, update to a version that includes the necessary authentication enforcement. For Sophos Enterprise Console (SEC) versions 5.x through 5.2.1, update to version 5.2.2 or later to ensure proper authentication requirements are enforced when resuming from sleep mode.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2014-2005

Affected Products

Sophos Disk Encryption

Sophos Enterprise Console

PT-2014-4426 · Sophos · Sophos Enterprise Console+1

CVE-2014-2005

Weakness Enumeration

Related Identifiers

Affected Products

References · 5