
KBA 135412 Hashing Algorithm???

The KBA says if you were attacked, the passwords were hashed. Don't suppose anybody knows how they were hashed or if Sophos will share that data with us? Were they salted? MD5 (I hope not but I'd bet it is)? Something better like SHA1?

 

I'm going to see if anybody has any PoC attacks written about this online where we can see the exfiltrated data.



  • The users are probably stored in an SQL server on the firewall ("SQL injection vulnerability").

    When I log into the firewall with ssh, select the Advanced Shell (5. 3.) and change into /conf/db I see a PostgreSQL directory structure.

    Next step could be to dump all databases (pg_dump) and copy that offsite to analyse it for usernames and the password hashes, but it's now too late (here in Vienna), good night!
