CVE-2011-5117
Sophos SafeGuard Enterprise Device Encryption 5.x-5.50.8.13 - Credential Removal Delay
Title source: llmDescription
Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.sophos.com/en-us/support/knowledgebase/112655.aspx
Scores
EPSS
0.0010
EPSS Percentile
27.8%
Details
CWE
CWE-362
Status
published
Products (15)
sophos/disk_encryption
5.50.0
sophos/disk_encryption
5.50.1
sophos/disk_encryption
5.50.8
sophos/safeguard_easy_device_encryption_client
5.50.0
sophos/safeguard_easy_device_encryption_client
5.50.1
sophos/safeguard_easy_device_encryption_client
5.50.8
sophos/safeguard_enterprise_device_encryption
5.6
sophos/safeguard_enterprise_device_encryption
5.35.0
sophos/safeguard_enterprise_device_encryption
5.35.1
sophos/safeguard_enterprise_device_encryption
5.35.2
... and 5 more
Published
Aug 24, 2012
Tracked Since
Feb 18, 2026