EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte.
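The keystream cancellation behind this issue, as an added example (not EncFS code): a minimal CFB in which HMAC-SHA256 stands in for the block cipher, run over constructed key, IV and file-block values. It shows that with a shared IV the XOR of two ciphertexts equals the XOR of the plaintexts over the first segment, including for a one-byte last block, and that distinct IVs remove the relation.

```python
import hashlib
import hmac

BLOCK = 16  # CFB segment size in bytes

def prf(key: bytes, block: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the block cipher. CFB only ever
    # uses the cipher's forward direction, so the mode behaves the same way.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, which also handles a short last segment
    return bytes(x ^ y for x, y in zip(a, b))

def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, feedback = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        segment = xor(plaintext[i:i + BLOCK], prf(key, feedback))
        out += segment
        feedback = segment  # ciphertext feeds the next keystream segment
    return bytes(out)

def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, feedback = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        segment = ciphertext[i:i + BLOCK]
        out += xor(segment, prf(key, feedback))
        feedback = segment
    return bytes(out)

# Constructed sample data: two full file blocks and a one-byte last block
KEY = b"k" * 32
BLOCK_A = b"owner=alice;role=admin;quota=10G"
BLOCK_B = b"owner=bob;role=guest;quota=512M;"
LAST_BLOCK = b"\n"

def relation_holds(iv_a: bytes, iv_b: bytes, pt_a: bytes, pt_b: bytes) -> bool:
    # True when ciphertext XOR equals plaintext XOR over the first segment,
    # i.e. the keystream cancelled out
    ct_a = cfb_encrypt(KEY, iv_a, pt_a)
    ct_b = cfb_encrypt(KEY, iv_b, pt_b)
    return xor(ct_a[:BLOCK], ct_b[:BLOCK]) == xor(pt_a[:BLOCK], pt_b[:BLOCK])

if __name__ == "__main__":
    same, other = bytes(BLOCK), bytes([1]) * BLOCK
    print("shared IV, full blocks:", relation_holds(same, same, BLOCK_A, BLOCK_B))
    print("shared IV, 1-byte block:", relation_holds(same, same, BLOCK_A, LAST_BLOCK))
    print("distinct IVs, full blocks:", relation_holds(same, other, BLOCK_A, BLOCK_B))
```

The check only covers the first segment because later CFB segments are keyed by the preceding ciphertext, which already differs between blocks.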
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of data quality if they are not addressed.
Link | Tags |
---|---|
http://secunia.com/advisories/41158 | third party advisory, vendor advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=630460 | |
http://secunia.com/advisories/41478 | third party advisory, vendor advisory |
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html | vendor advisory |
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html | vendor advisory |
http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html | mailing list |
http://www.openwall.com/lists/oss-security/2010/09/05/3 | mailing list |
http://www.openwall.com/lists/oss-security/2010/09/07/8 | mailing list |
http://www.openwall.com/lists/oss-security/2010/09/06/1 | mailing list |
http://www.vupen.com/english/advisories/2010/2414 | vdb entry, vendor advisory |
http://www.arg0.net/encfs | |
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html | vendor advisory |