CVE-2014-9687

Published: 16/03/2015 Updated: 06/12/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

eCryptfs 104 and previous versions use a default salt to encrypt the mount passphrase, which makes it easier for malicious users to obtain user passwords via a brute force attack.

Vulnerable Product

ecryptfs ecryptfs-utils

Vendor Advisories

Debian Bug report logs - #780385: ecryptfs-utils: CVE-2014-9687
Package: ecryptfs-utils; Maintainer for ecryptfs-utils is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Source for ecryptfs-utils is src:ecryptfs-utils
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 13 Mar 2015 08:03:01 UTC ...
Sensitive information in encrypted home and Private directories could be exposed if an attacker gained access to your files ...

Github Repositories

eCryptfs v1 hash dictionary

In previous versions of eCryptfs-utils, the signature of the wrapping key consisted of 65337 iterations of SHA-512 of the user password with the default 0x0011223344556677. This behaviour leads to precomputed dictionary and rainbow table attacks on the user password of systems using eCryptfs for home folder encryption. I provide a precomputed diction