CVE-2021-25266

3.9LOW

Key Information:

Vendor: Sophos
Status: Intercept X For Mobile (android); Sophos Authenticator (android)
Vendor: CVE Published:; 27 April 2022

Summary

An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.

Affected Version(s)

Intercept X for Mobile (Android) < 9.7.3495

Sophos Authenticator (Android) <= 3.4

References

https://www.sophos.com/en-us/security-advisories/sophos-s...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 27, 2022
Vulnerability Reserved
Jan 15, 2021

Collectors

NVD DatabaseMitre Database

Credit

Can Özkan