CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-25266

An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.2%

CVSS Severity

CVSS v3 Score 3.9

CVSS v2 Score 2.1

References

https://www.sophos.com/en-us/security-advisories/sophos-sa-20220427-ixm-storage
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220427-ixm-storage

Products affected by CVE-2021-25266

Sophos » Authenticator » Version: Any

cpe:2.3:a:sophos:authenticator:*
Sophos » Intercept X » Version: Any

cpe:2.3:a:sophos:intercept_x:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-25266

Products

Pricing

Contact Us