Confd log files contain local users’, including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
CPE | Name | Operator | Version |
---|---|---|---|
unified_threat_management | lt | 9.710 |