CVE-2014-3462 — Sensitive Information Exposure in Project Encfs

CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 22.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Encfs Project Encfs Opensuse Leap Opensuse

Timeline

PublishedAug 7

Latest updateMay 13

Description

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDencfs_project/encfs< 1.7.5

▶NVDopensuse/leap42.1, 42.2+1

▶NVDopensuse/opensuse13.2

🔴Vulnerability Details

GHSA

GHSA-j5m4-rhm6-f24f: The "↗2022-05-13

▶

OSV

CVE-2014-3462: The "↗2017-08-07

▶

CVEList

CVE-2014-3462: The "↗2017-08-07

▶

📋Vendor Advisories

Debian

CVE-2014-3462: encfs - The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attacke...↗2014

▶

💬Community

Bugzilla

CVE-2014-3462 fuse-encfs: multiple cryptography issues↗2014-05-14

▶