Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-9233
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sophos Endpoint Protection 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sophos Endpoint Protection是英国Sophos公司的一套同时提供防恶意软件和数据保护功能的安全防护解决方案。该方案包括恶意软件防护、客户端防火墙和数据泄露保护等功能。 Sophos Endpoint Protection 10.7版本中存在加密问题漏洞,该漏洞源于在%PROGRAMDATA%SophosSophos Anti-VirusConfigmachine.xml中程序使用了未加盐的SHA-1散列来存储密码。本地攻击者可借助彩虹表或其他方法利用该漏洞确定明文密码,更改设置。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2018-9233
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2018-9233
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: n/a
Same vendor: n/a
V. Comments for CVE-2018-9233

No comments yet

Leave a comment