Vulnerabilities > CVE-2021-25266 - Insecure Storage of Sensitive Information vulnerability in Sophos Authenticator and Intercept X
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |