Published: 07/08/2017 Updated: 21/08/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The ".encfs6.xml" configuration file in encfs prior to 1.7.5 allows remote malicious users to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensuse leap 42.1
opensuse leap 42.2
opensuse opensuse 13.2
encfs project encfs

Debian Bug report logs - #736066 multiple security issues discovered in encfs Package: encfs; Maintainer for encfs is Eduard Bloch <blade@debianorg>; Source for encfs is src:encfs (PTS, buildd, popcon) Reported by: Paul Dreik <slask@pauldreikse> Date: Sun, 19 Jan 2014 12:45:01 UTC Severity: important Tags: securit ...

CWE-200 https://security.gentoo.org/glsa/201512-09 https://bugzilla.redhat.com/show_bug.cgi?id=1097537 http://www.openwall.com/lists/oss-security/2014/05/14/2 http://lists.opensuse.org/opensuse-updates/2017-01/msg00090.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736066 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-3462

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect