Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5117

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2011-5117
Last Modified 24 Aug 2012 12:30:28
Published 24 Aug 2012 06:36:42
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5117

Summary

Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials.

Vulnerable Systems

Application

  • Sophos Disk Encryption 5.50.0

  • Sophos Disk Encryption 5.50.1

  • Sophos Disk Encryption 5.50.8

  • Sophos Safeguard Easy Device Encryption Client 5.50.0

  • Sophos Safeguard Easy Device Encryption Client 5.50.1

  • Sophos Safeguard Easy Device Encryption Client 5.50.8

  • Sophos Safeguard Enterprise Device Encryption 5.35.0

  • Sophos Safeguard Enterprise Device Encryption 5.35.1

  • Sophos Safeguard Enterprise Device Encryption 5.35.2

  • Sophos Safeguard Enterprise Device Encryption 5.35.3

  • Sophos Safeguard Enterprise Device Encryption 5.40.0

  • Sophos Safeguard Enterprise Device Encryption 5.50.0

  • Sophos Safeguard Enterprise Device Encryption 5.50.1

  • Sophos Safeguard Enterprise Device Encryption 5.50.8

  • Sophos Safeguard Enterprise Device Encryption 5.6


References

CONFIRM - http://www.sophos.com/en-us/support/knowledgebase/112655.aspx


Last Updated: 27 May 2016 11:00:18