CVE-2014-3462

Published: Aug 7, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

Affected (4)

Products: Opensuse: Leap, Opensuse · Encfs Project: Encfs

2 products

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1
Opensuse Leap	Version 42.2
Opensuse Opensuse	Version 13.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Encfs Project Encfs	Before 1.7.5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://lists.opensuse.org/opensuse-updates/2017-01/msg00090.html

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/05/14/2

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1097537

Source: cve@mitre.org

Issue TrackingThird Party AdvisoryVDB Entry

https://security.gentoo.org/glsa/201512-09

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://lists.opensuse.org/opensuse-updates/2017-01/msg00090.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/05/14/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1097537

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party AdvisoryVDB Entry

https://security.gentoo.org/glsa/201512-09

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.