Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for Sophos Disk Encryption by Sophos Ltd.

jvndb-2014-000061

Vulnerability from jvndb

Published

2014-06-24 14:21

Modified

2014-06-26 17:46

Severity ?

() - -

Summary

Sophos Disk Encryption vulnerable to authentication bypass

Details

Sophos Disk Encryption contains an authentication bypass vulnerability. Sophos Disk Encryption is a product to encrypt hard disk data on Windows PC. By default, Window requires logon authentication when the PC wakes up from hibernation or sleep mode. When Sophos Disk Encryption is installed, no authentication is required before operating the PC. Cybozu Inc. Security Incident Response Team reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN63940326/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2005
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2005
	IPA SECURITY ALERTS	http://www.ipa.go.jp/security/ciadr/vul/20140624-jvn.html
	Improper Authentication(CWE-287)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Sophos Ltd.

Sophos Disk Encryption

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000061.html",
  "dc:date": "2014-06-26T17:46+09:00",
  "dcterms:issued": "2014-06-24T14:21+09:00",
  "dcterms:modified": "2014-06-26T17:46+09:00",
  "description": "Sophos Disk Encryption contains an authentication bypass vulnerability.\r\n\r\nSophos Disk Encryption is a product to encrypt hard disk data on Windows PC. By default, Window requires logon authentication when the PC wakes up from hibernation or sleep mode. When Sophos Disk Encryption is installed, no authentication is required before operating the PC.\r\n\r\nCybozu Inc. Security Incident Response Team reported this vulnerability to the developer.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000061.html",
  "sec:cpe": {
    "#text": "cpe:/a:sophos:disk_encryption",
    "@product": "Sophos Disk Encryption",
    "@vendor": "Sophos Ltd.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.7",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2014-000061",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN63940326/index.html",
      "@id": "JVN#63940326",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2005",
      "@id": "CVE-2014-2005",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2005",
      "@id": "CVE-2014-2005",
      "@source": "NVD"
    },
    {
      "#text": "http://www.ipa.go.jp/security/ciadr/vul/20140624-jvn.html",
      "@id": "Security Alert for Sophos Disk Encryption vulnerable to authentication bypass (JVN#63940326)",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    }
  ],
  "title": "Sophos Disk Encryption vulnerable to authentication bypass"
}