Resolved App Password Bypass on Sophos Secure Workspace for Android (CVE-2021-36808)

Zurück zur Übersicht der Sicherheitshinweise
Medium
CVE(s)
CVE-2021-36808
Updated:
Produkt(e)
Sophos Secure Workspace (Android)
Veröffentlichungs-ID sophos-sa-20211029-ssw-pw-bypass
Artikelversion 1
Erstveröffentlichung
Provisorische Lösung No

Overview

A race condition in Sophos Secure Workspace for Android was recently discovered and responsibly disclosed to Sophos. It was reported via the Sophos bug bounty program by an external security researcher. The vulnerability has been fixed. There is no action required for customers, as updates are installed automatically by default.

Sophos would like to thank Christian Niel Angel for responsibly disclosing the issues to Sophos.

The remediation prevented a local attacker to bypass the app password. There was no evidence that the vulnerability was exploited and to our knowledge no customers are impacted.

Applies to the following Sophos product(s) and version(s)

  • Sophos Secure Workspace for Android prior version 9.7.3115

Remediation

  • Fix included in Sophos Secure Workspace 9.7.3115 on September 27, 2021

  • Additionally, Sophos recommends that Sophos Secure Workspace customers upgrade to the latest available release