CVE-2010-3075
published 2010-09-17

Priority: P421 | Severity: medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 2.06% (79.0th percentile)

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte.

Affected

10 ranges
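| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arg0 | encfs | <= 1.6.0 | |
| arg0 | encfs | | |
| arg0 | encfs | | |
| arg0 | encfs | | |
| arg0 | encfs | | |
| arg0 | encfs | | |
| arg0 | encfs | >= 0 < 1.7.2-1 | 1.7.2-1 |
| arg0 | encfs | >= 0 < 1.7.2-1 | 1.7.2-1 |
| arg0 | encfs | >= 0 < 1.7.2-1 | 1.7.2-1 |
| debian | encfs | < encfs 1.7.2-1 (bookworm) | encfs 1.7.2-1 (bookworm) |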

CVSS provenance

nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
osv: 5.0 MEDIUM
vendor_debian: 5.0 MEDIUM