An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
References
Link | Resource |
---|---|
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220427-ixm-storage | Vendor Advisory |
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220427-ixm-storage | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.sophos.com/en-us/security-advisories/sophos-sa-20220427-ixm-storageĀ - Vendor Advisory |
Information
Published : 2022-04-27 17:15
Updated : 2024-11-21 05:54
NVD link : CVE-2021-25266
Mitre link : CVE-2021-25266
CVE.ORG link : CVE-2021-25266
JSON object : View
Products Affected
sophos
- intercept_x
- authenticator
CWE
CWE-922
Insecure Storage of Sensitive Information