CVE-2022-0652

Summary

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.

Affected Software

VendorProductVersion RangeStatus
SophosSophos UTMunspecified < 9.710affected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

References