Home / os / winmobile

Sophos Endpoint Protection 10.7 Insecure Cryptography

Posted on 05 April 2018

Sophos Endpoint Protection version 10.7 control panel authentication uses a weak unsalted unicoded cryptographic hash (SHA1) function. Not using a salt allows attackers that gain access to hash ability to conduct faster cracking attacks using pre-computed dictionaries, e.g. rainbow tables. This can potentially result in unauthorized access that could allow for changing of settings, whitelist or unquarantine files.

 

TOP