Confd log files contain local users, including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Unified_threat_management | Sophos | * | 9.710 (excluding) |
While logging all information may be helpful during development stages, it is important that logging levels be set appropriately before a product ships so that sensitive user data and system information are not accidentally exposed to potential attackers. Different log files may be produced and stored for: