CVSS: 6.9EPSS: 0%CPEs: 15EXPL: 0CVE-2011-5117
https://notcve.org/view.php?id=CVE-2011-5117
Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials. Sophos SafeGuard Enterprise Device Encryption v5.x hasta v5.50.8.13, Sophos SafeGuard Easy Device Encryption Client v5.50.x, y Sophos Disk Encryption 5.50.x tienen cierto retraso antes de eliminar (1) credenciales antiguas y(2) credenciales inválidas, lo que podría permitir a atacantes físicamente próximos, conseguir vulnerar la función de cifrado del disco, aprovechando el conocimiento de estas credenciales. • http://www.sophos.com/en-us/support/knowledgebase/112655.aspx • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •