Unsalted SHA-1 Hash Vulnerability in Sophos Endpoint Protection 10.7

CVE-2018-9233 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.
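The weakness described above, next to a salted, slow alternative, as an added example that is not code from Sophos or from the advisory. The PBKDF2-HMAC-SHA256 choice, the iteration count, the salt length and the stored-record format are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for the hardened form (not taken from the advisory).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def sha1_unsalted(password: str) -> str:
    """Weak scheme named in the advisory: one SHA-1 pass, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def pbkdf2_store(password: str, salt: Optional[bytes] = None) -> str:
    """Hardened form: fresh random salt per password plus a slow KDF."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    # Hypothetical record format: algorithm$iterations$salt$derived_key
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        rounds = int(iters)
    except ValueError:
        return False  # malformed record
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    pw = "Example-Pass1"  # constructed sample value
    # Unsalted: every machine with this password stores the same digest,
    # which is the property precomputed tables depend on.
    print(sha1_unsalted(pw) == sha1_unsalted(pw))   # True
    # Salted: the same password yields a different record each time.
    a, b = pbkdf2_store(pw), pbkdf2_store(pw)
    print(a != b, pbkdf2_verify(pw, a), pbkdf2_verify("wrong", a))
```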
