Sensitive Password Information Disclosure in Sophos UTM Firmware 9.405-5 and Earlier

Sensitive Password Information Disclosure in Sophos UTM Firmware 9.405-5 and Earlier

CVE-2016-7442 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.

Learn more about our Cis Benchmark Audit For Sophos.