1. CVE-Search
  2. CVE-2010-3074
ID CVE-2010-3074
Summary SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.
References
Vulnerable Configurations
  • cpe:2.3:a:arg0:encfs:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:arg0:encfs:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:arg0:encfs:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:arg0:encfs:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:arg0:encfs:1.4.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:arg0:encfs:1.4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:arg0:encfs:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:arg0:encfs:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:arg0:encfs:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:arg0:encfs:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:arg0:encfs:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:arg0:encfs:1.6.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 14-01-2011 - 06:46)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
refmap via4
confirm
fedora
  • FEDORA-2010-14200
  • FEDORA-2010-14254
  • FEDORA-2010-14268
fulldisc 20100826 Multiple Vulnerabilities in EncFS
mlist
  • [oss-security] 20100905 CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS
  • [oss-security] 20100905 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS
  • [oss-security] 20100907 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS
secunia
  • 41158
  • 41478
suse SUSE-SR:2010:023
vupen ADV-2010-2414
Last major update 14-01-2011 - 06:46
Published 17-09-2010 - 18:00
Last modified 14-01-2011 - 06:46
Back to Top