Attackers exploit 0-day code-execution flaw in the Sophos firewall

 In Biz & IT, exploits, firewalls, Sophos, vulnerabilities, zerodays


Users of a widely used firewall from Sophos have been under a zero-day attack that was designed to steal usernames, cryptographically protected passwords, and other sensitive data, officials with the security firm said on Sunday.

The well-researched and well-developed attack exploited a SQL injection flaw in fully patched versions of the Sophos XG Firewall. With that toehold, it downloaded and installed a series of scripts that ultimately executed code intended to make off with users' names, usernames, the cryptographically hashed form of the passwords, and the salted SHA256 hash of the administrator account's password. Sophos has delivered a hotfix that mitigates the vulnerability.
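The article does not show the vulnerable query, so the following is an added illustration (not Sophos code and not the flaw itself) of why SQL injection gives an attacker that toehold: a lookup that splices untrusted input into the SQL text lets the input change the statement's structure, while a parameterized query keeps the input as data. The table, the usernames and the hash strings are constructed sample values.

```python
import sqlite3

# Constructed sample data (not from the advisory): a users table holding
# salted SHA-256 password hashes, the kind of record the attack targeted.
SAMPLE_USERS = [
    ("admin", "sha256$salt1$0123abcd"),
    ("o'brien", "sha256$salt2$4567cdef"),
]


def make_db():
    """Build an in-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    # Untrusted input is concatenated into the SQL text, so the input can
    # alter the statement itself. Even a legitimate name containing a single
    # quote breaks the query, which is the same weakness an attacker abuses.
    sql = f"SELECT username, password_hash FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    # The SQL text is fixed and the value is bound separately by the driver,
    # so whatever the input contains, it is only ever compared as data.
    sql = "SELECT username, password_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo(username):
    """Return (vulnerable_result, parameterized_result) for one input.

    A database error in the vulnerable path is reported as a string so the
    two behaviours can be compared side by side.
    """
    conn = make_db()
    try:
        vuln = lookup_vulnerable(conn, username)
    except sqlite3.Error as exc:
        vuln = f"error: {type(exc).__name__}"
    safe = lookup_parameterized(conn, username)
    return vuln, safe


if __name__ == "__main__":
    for name in ("admin", "o'brien"):
        print(repr(name), "->", demo(name))
```

Running the block shows both lookups agree on a plain username, but only the parameterized version handles the quote-bearing name correctly; the concatenated version raises an `OperationalError` because the input has become part of the SQL. The fix for any such flaw is the same pattern: bind values, never build SQL from user-controlled strings.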

Other data targeted by the attack included a list of the IP address allocation permissions for firewall users; the version of the custom operating system running; the type of CPU; the amount of memory present on the device; how long it had been running since the last reboot; the output of ifconfig, a command-line tool; and ARP tables used to translate IP addresses into domain names.


Yep, in-the-wild SQL injection exploits in 2020 are still a thing.
