CVE-2011-5117

Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials.

Published : 2012-08-24 10:36 Updated : 2012-08-24 16:30

6.9
CVSS Score More info
Score 6.9 / 10
6.9
Vendor Product Version URI
Sophos Safeguard Enterprise Device Encryption 5.35.2 cpe:/a:sophos:safeguard_enterprise_device_encryption:5.35.2
Sophos Safeguard Enterprise Device Encryption 5.35.0 cpe:/a:sophos:safeguard_enterprise_device_encryption:5.35.0
Sophos Safeguard Enterprise Device Encryption 5.50.8 cpe:/a:sophos:safeguard_enterprise_device_encryption:5.50.8
Sophos Safeguard Enterprise Device Encryption 5.35.1 cpe:/a:sophos:safeguard_enterprise_device_encryption:5.35.1
Sophos Safeguard Easy Device Encryption Client 5.50.8 cpe:/a:sophos:safeguard_easy_device_encryption_client:5.50.8
Sophos Safeguard Enterprise Device Encryption 5.50.1 cpe:/a:sophos:safeguard_enterprise_device_encryption:5.50.1
Sophos Safeguard Enterprise Device Encryption 5.40.0 cpe:/a:sophos:safeguard_enterprise_device_encryption:5.40.0
Sophos Safeguard Easy Device Encryption Client 5.50.1 cpe:/a:sophos:safeguard_easy_device_encryption_client:5.50.1
Sophos Safeguard Enterprise Device Encryption 5.50.0 cpe:/a:sophos:safeguard_enterprise_device_encryption:5.50.0
Sophos Safeguard Easy Device Encryption Client 5.50.0 cpe:/a:sophos:safeguard_easy_device_encryption_client:5.50.0
Sophos Disk Encryption 5.50.8 cpe:/a:sophos:disk_encryption:5.50.8
Sophos Safeguard Enterprise Device Encryption 5.6 cpe:/a:sophos:safeguard_enterprise_device_encryption:5.6
Sophos Safeguard Enterprise Device Encryption 5.35.3 cpe:/a:sophos:safeguard_enterprise_device_encryption:5.35.3
Sophos Disk Encryption 5.50.1 cpe:/a:sophos:disk_encryption:5.50.1
Sophos Disk Encryption 5.50.0 cpe:/a:sophos:disk_encryption:5.50.0
  1. Sophos (3) Search CVE
    1. Safeguard Enterprise Device Encryption (9) Search CVE
      1. 5.35.2
      2. 5.35.0
      3. 5.50.8
      4. 5.35.1
      5. 5.50.1
      6. 5.40.0
      7. 5.50.0
      8. 5.6
      9. 5.35.3
    2. Disk Encryption (3) Search CVE
      1. 5.50.8
      2. 5.50.1
      3. 5.50.0
    3. Safeguard Easy Device Encryption Client (3) Search CVE
      1. 5.50.8
      2. 5.50.1
      3. 5.50.0

CWE

ID Name Description Links
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. CVE

History of changes

Date Event
2012-08-24 10:36

New CVE