Resolved App Password Bypass on Sophos Secure Workspace for Android (CVE-2021-36808)

← Back to Security Advisories Overview
Sophos Secure Workspace (Android)
Publication ID: sophos-sa-20211029-ssw-pw-bypass
Article Version: 1
First Published:
Workaround: No


A race condition in Sophos Secure Workspace for Android was recently discovered and responsibly disclosed to Sophos. It was reported via the Sophos bug bounty program by an external security researcher. The vulnerability has been fixed. There is no action required for customers, as updates are installed automatically by default.

Sophos would like to thank Christian Niel Angel for responsibly disclosing the issues to Sophos.

The remediation prevented a local attacker to bypass the app password. There was no evidence that the vulnerability was exploited and to our knowledge no customers are impacted.

Applies to the following Sophos product(s) and version(s)

  • Sophos Secure Workspace for Android prior version 9.7.3115


  • Fix included in Sophos Secure Workspace 9.7.3115 on September 27, 2021

  • Additionally, Sophos recommends that Sophos Secure Workspace customers upgrade to the latest available release