
KBA 135412 SQL Injection -- Sophos please specify ASAP "user accounts used for remote access"

Hi,

After carefully studying logfiles and doing a Postgres DB dump, we sadly notice that there are indications of an SQL injection attack on the firewall.

In the KBA we were told that credentials like "user accounts used for remote access" are exposed. 

After further study of the DB dump we see that site-to-site IPsec PSKs are saved in the database too.

Please specify ASAP whether this data was also exposed or not, as we have to inform customers and their partners using S2S VPN with PSK.

 

Thanks

heinz



  • Hi  

    As per the KBA: https://community.sophos.com/kb/en-us/135412

    • The data exfiltrated for any impacted firewall includes all local usernames and hashed passwords of any local user accounts. For example, this includes local device admins, user portal accounts, and accounts used for remote access. Passwords associated with external authentication systems such as Active Directory (AD) or LDAP were not compromised.

    We will soon release more details of the attack and its payloads. Please follow the KBA for further updates.
