CVE-2018-9233

HIGH

Sophos Endpoint Protection 10.7 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-9233: a PoC/writeup published by hyp3rlinx.

AI-analyzed exploit summary: The Exploit-DB advisory describes insecure password storage in the Sophos Endpoint Protection Control Panel v10.7. The control panel password is stored as a single unsalted SHA-1 digest, so anyone who can read that digest can recover the cleartext with a precomputed (rainbow) table or an ordinary dictionary/brute-force run, since the same password always yields the same hash on every machine. The writeup includes technical details and a verification method using PHP.

Description

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.
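As an added worked example (not code from this page, from the Exploit-DB writeup, or from Sophos), the following Python script shows why an unsalted SHA-1 in a readable config file makes the password recoverable, and what the CWE-916 remediation looks like. The XML snippet and its element names are constructed stand-ins, not the real machine.xml schema; the digest in it is sha1("password") and the wordlist is a toy. The original writeup verified the hash with PHP; Python is used here so the example runs stand-alone.

```python
import hashlib
import hmac
import os
import re

# Constructed stand-in for a config file carrying an unsalted SHA-1
# password hash. The element names are hypothetical, NOT the real
# Sophos machine.xml schema; the digest is sha1("password").
SAMPLE_MACHINE_XML = """<?xml version="1.0"?>
<config>
  <controlPanel>
    <passwordHash>5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8</passwordHash>
  </controlPanel>
</config>
"""

# Constructed toy wordlist; a real rainbow table or wordlist is far larger.
WORDLIST = ["letmein", "Sophos123", "password", "admin"]

SHA1_HEX = re.compile(r"\b[0-9a-f]{40}\b")


def extract_sha1_hashes(xml_text):
    """Return every 40-hex-char token (the shape of a raw SHA-1 digest)."""
    return SHA1_HEX.findall(xml_text.lower())


def build_rainbow_table(words):
    """Precompute digest -> cleartext once.

    This precomputation only works because there is no salt: sha1(pw) is
    identical on every machine, so one table cracks all of them.
    """
    return {hashlib.sha1(w.encode()).hexdigest(): w for w in words}


def crack_unsalted(stored_hash, table):
    """O(1) lookup of the cleartext; None if the password is not in the table."""
    return table.get(stored_hash.lower())


# Hardened form (CWE-916 remediation): random per-password salt plus a
# deliberately slow KDF, so precomputed tables are useless and each guess
# costs the attacker real CPU time.
def pbkdf2_store(password, salt=None, iterations=600_000):
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def pbkdf2_verify(password, salt, iterations, dk):
    cand = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(cand, dk)  # constant-time comparison


def demo():
    """Crack the constructed file, then show the salted store defeats the table."""
    table = build_rainbow_table(WORDLIST)
    recovered = [crack_unsalted(h, table) for h in extract_sha1_hashes(SAMPLE_MACHINE_XML)]
    salt_a, it, dk_a = pbkdf2_store("password", iterations=10_000)
    salt_b, _, dk_b = pbkdf2_store("password", iterations=10_000)
    return {
        "recovered": recovered,
        "same_password_same_digest": dk_a == dk_b,
        "verify_ok": pbkdf2_verify("password", salt_a, it, dk_a),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the second half is the contrast: with PBKDF2 and a random salt, storing the same password twice yields two different digests, so no table computed in advance can be reused, and each candidate must be re-derived at full cost. The regex in `extract_sha1_hashes` is also a cheap detection heuristic for spotting raw, unsalted digests in config files during a review.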

Exploits (1)

exploitdb WRITEUP
by hyp3rlinx · text · local · windows
https://www.exploit-db.com/exploits/44411


Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Sophos Endpoint Protection - Control Panel v10.7
No application auth needed (no control panel credentials required; local OS access is still needed, matching the CVSS PR:L rating)
Prerequisites: Local access to the system · Access to the password hash stored in machine.xml
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (3; two listed)

Core References
https://www.exploit-db.com/exploits/44411/ (Exploit, Third Party Advisory, VDB Entry; exploit-db)
http://seclists.org/fulldisclosure/2018/Apr/7 (Exploit, Mailing List, Third Party Advisory; Full Disclosure)

Scores

CVSS v3: 7.8 (High)
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: LOCAL
EPSS: 0.0174 (1.74%)
EPSS Percentile: 74.8%

Details

CWE
CWE-916 (Use of Password Hash With Insufficient Computational Effort)
Status published
Products (1)
sophos/endpoint_protection 10.7
Published Apr 05, 2018
Tracked Since Feb 18, 2026