Full title: Sophos Endpoint Protection 10.7 Insecure Cryptography Vulnerability
Category: local exploits
Platform: windows

Sophos Endpoint Protection version 10.7 control panel authentication uses a weak, unsalted cryptographic hash function (SHA1) applied to the Unicode-encoded password. Because no salt is used, an attacker who gains access to the hash can conduct faster cracking attacks using pre-computed dictionaries, e.g. rainbow tables. This can potentially result in unauthorized access that could allow changing settings, or whitelisting or unquarantining files.

# 0day.today @ http://0day.today/
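
The difference between the scheme described above and a salted, slow password hash, shown as an added example that is not code from Sophos or from the advisory. UTF-16LE as the "Unicode" encoding, the PBKDF2 parameters, and all function names and sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def legacy_hash(password: str) -> str:
    """Unsalted SHA1 as the advisory describes it.
    Assumption: "unicoded" means the password is encoded as UTF-16LE."""
    return hashlib.sha1(password.encode("utf-16-le")).hexdigest()


def precomputed_table(words):
    """One table built once is valid against every unsalted hash."""
    return {legacy_hash(w): w for w in words}


def hardened_record(password: str, iterations: int = 600_000) -> dict:
    """Per-record random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def hardened_verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


if __name__ == "__main__":
    password = "Example-Passw0rd"  # constructed sample value
    table = precomputed_table(["letmein", "admin", password])  # constructed list

    # Two installations with the same password store the same legacy hash,
    # and the table resolves it with a single dictionary lookup.
    host_a, host_b = legacy_hash(password), legacy_hash(password)
    print("legacy hashes identical:", host_a == host_b)
    print("legacy hash found in table:", host_a in table)

    # With a random salt the stored values differ per installation, so a
    # table cannot be computed in advance and reused across hosts.
    rec_a, rec_b = hardened_record(password), hardened_record(password)
    print("salted hashes identical:", rec_a["hash"] == rec_b["hash"])
    print("correct password verifies:", hardened_verify(password, rec_a))
    print("wrong password verifies:", hardened_verify("wrong", rec_a))
```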