PT-2022-9676 · Sophos · Sap Authenticator For Android+1
Can Özkan · Published 2022-04-27 · Updated 2022-05-06
CVE-2021-25266
CVSS v3.1: 3.9 (Low)
Vector: AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Sophos Authenticator for Android versions 3.4 and older
Intercept X for Mobile (Android) versions prior to 9.7.3495
Description
An insecure data storage issue allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones.
Recommendations
For Sophos Authenticator for Android versions 3.4 and older, update to a version newer than 3.4 to resolve the issue.
For Intercept X for Mobile (Android) versions prior to 9.7.3495, update to version 9.7.3495 or newer to resolve the issue.
Fix
Insecure Storage of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Intercept X For Mobile
Sap Authenticator For Android