CVE-2014-9687Use of Hard-coded, Security-relevant Constants in Ecryptfs-utils

CWE-255CWE-547Use of Hard-coded, Security-relevant Constants7 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 33.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ecryptfs Ecryptfs-utilsDebian Ecryptfs-utils
Timeline
PublishedMar 16
Latest updateMay 17

Description

eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/ecryptfs-utils< ecryptfs-utils 103-4 (bookworm)
Debianecryptfs/ecryptfs-utils< 103-4+3

🔴Vulnerability Details

2
GHSA
GHSA-mc6q-88m2-653g: eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute2022-05-17
OSV
CVE-2014-9687: eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute2015-03-16

📋Vendor Advisories

3
Ubuntu
eCryptfs vulnerability2015-03-11
Debian
CVE-2014-9687: ecryptfs-utils - eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, wh...2014
Red Hat
ecryptfs-utils: default salt is used for wrapping passphrase2011-12-19

💬Community

1
Bugzilla
CVE-2014-9687 ecryptfs-utils: default salt is used for wrapping passphrase2015-02-16
CVE-2014-9687 — Debian Ecryptfs-utils vulnerability | cvebase