Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
Sophos Authenticator 安全漏洞
Vulnerability Description
Sophos Authenticator是英国Sophos公司的一个简单直观的应用程序。用于在移动设备上提供多重身份验证。 Sophos Authenticator 存在安全漏洞,该漏洞源于不安全的数据存储。具有root权限的物理攻击者利用此漏洞可从未锁定的手机中检索TOTP密钥。以下产品和版本受到影响:Sophos Authenticator for Android 3.4 及之前版本和Intercept X for Mobile (Android) 9.7.3495 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A