CVE-2014-2005

Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen.

Published : 2014-06-25 11:19 Updated : 2019-09-27 17:36

6.9
CVSS Score More info
Score 6.9 / 10
6.9
Vendor Product Version URI
Sophos Enterprise Console 5.2 cpe:/a:sophos:enterprise_console:5.2
Sophos Enterprise Console 5.1 cpe:/a:sophos:enterprise_console:5.1
Sophos Enterprise Console 5.2.1 cpe:/a:sophos:enterprise_console:5.2.1:r2
Sophos Enterprise Console 5.2.1 cpe:/a:sophos:enterprise_console:5.2.1
  1. Sophos (1) Search CVE
    1. Enterprise Console (3) Search CVE
      1. 5.2
      2. 5.1
      3. 5.2.1

CWE

ID Name Description Links
CWE-287 Improper Authentication When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. CVE

History of changes

Date Event
2019-09-27 17:36
2014-06-25 11:19

New CVE