Sophos' flagship web security product open to attack


Sophos' Web Protection Appliance contains severe vulnerabilities that could provide hackers with a launching pad to attack victim organisations.

The trio of flaws, confirmed by Sophos, were present in a previous version of the kit. 

The company has patched the flaws.

Austria-based security research firm SEC Consult disclosed the vulnerabilities, which could allow adversaries to obtain "unauthorised access to the [Sophos] appliance and plant backdoors or access configuration files containing credentials for other systems...which can be used in further attacks".

These systems include Active Directory or FTP servers, according to SEC Consult.

In addition, saboteurs could steal HTTP traffic including passwords and cookies, as well as HTTPS traffic if the customer has the appliance's HTTPS Scanning feature activated.

HTTPS Scanning was also affected by a flaw allowing attackers to compromise private keys used for SSL certificates installed on client endpoints throughout a victim company.

"These certificates will then pass validation on the client machines, enabling various attacks or further targeting clients (e.g. man-in-the-middle, phishing)," SEC Consult said.

Going after security companies to sign certificates appears to be a trendy tool in the cyber criminal's arsenal. In February, hackers breached Bit9 and accessed its code-signing certs, enabling intruders to digitally sign malware to appear as legitimate files.

This article originally appeared at

Copyright © SC Magazine, US edition
