Описание
SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.6.0 (включая)
Одно из
cpe:2.3:a:arg0:encfs:*:*:*:*:*:*:*:*
cpe:2.3:a:arg0:encfs:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:arg0:encfs:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:arg0:encfs:1.4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:arg0:encfs:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:arg0:encfs:1.5.0:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00072
Низкий
2.1 Low
CVSS2
Дефекты
CWE-310
Связанные уязвимости
ubuntu
больше 15 лет назад
SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.
debian
больше 15 лет назад
SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of a ...
github
больше 3 лет назад
SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.
EPSS
Процентиль: 22%
0.00072
Низкий
2.1 Low
CVSS2
Дефекты
CWE-310