Vigil@nce - Sophos Disk Encryption: read-write access via SEC and Sleep-mode
July 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can bypass access restrictions of Sophos Disk
Encryption via the Sleep-mode of Windows, in order to read or
alter data.
Impacted products: SafeGuard Encryption, SafeGuard PrivateDisk
Severity: 2/4
Creation date: 28/05/2015
DESCRIPTION OF THE VULNERABILITY
The Sophos Disk Encryption product can be managed from Sophos
Enterprise Console.
However, when Windows exits from the Sleep mode, a password is not
always requested by Sophos Disk Encryption.
An attacker can therefore bypass access restrictions of Sophos
Disk Encryption via the Sleep-mode of Windows, in order to read or
alter data.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN