CVE-2010-3074

Severity Score

2.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.

SSL_Cipher.cpp en EncFS anterior a v1.7.0 utiliza una combinación inadecuada de un sistema de cifrado AES y un modo de cifrado CBC para sistemas de archivos cifrados, lo cual permite a usuarios locales obtener información sensible mediante un ataque de marca de agua.

*Credits: N/A

CVSS Scores

NISTv2 2.1

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-08-20 CVE Reserved
2010-09-17 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-310: Cryptographic Issues

CAPEC

References (15)

URL	Tag	Source
http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html	Mailing List
http://bugs.gentoo.org/show_bug.cgi?id=335938	X_refsource_confirm
http://code.google.com/p/encfs/source/detail?r=59	X_refsource_confirm
http://www.arg0.net/encfs	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2010/09/05/3	Mailing List
http://www.openwall.com/lists/oss-security/2010/09/06/1	Mailing List
http://www.openwall.com/lists/oss-security/2010/09/07/8	Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=630460	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html	2011-01-14
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html	2011-01-14
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html	2011-01-14
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html	2011-01-14
http://secunia.com/advisories/41158	2011-01-14
http://secunia.com/advisories/41478	2011-01-14
http://www.vupen.com/english/advisories/2010/2414	2011-01-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Arg0 Search vendor "Arg0"		Encfs Search vendor "Arg0" for product "Encfs"				<= 1.6.0 Search vendor "Arg0" for product "Encfs" and version " <= 1.6.0"		-		Affected
Arg0 Search vendor "Arg0"		Encfs Search vendor "Arg0" for product "Encfs"				1.4.0 Search vendor "Arg0" for product "Encfs" and version "1.4.0"		-		Affected
Arg0 Search vendor "Arg0"		Encfs Search vendor "Arg0" for product "Encfs"				1.4.1 Search vendor "Arg0" for product "Encfs" and version "1.4.1"		-		Affected
Arg0 Search vendor "Arg0"		Encfs Search vendor "Arg0" for product "Encfs"				1.4.1.1 Search vendor "Arg0" for product "Encfs" and version "1.4.1.1"		-		Affected
Arg0 Search vendor "Arg0"		Encfs Search vendor "Arg0" for product "Encfs"				1.4.2 Search vendor "Arg0" for product "Encfs" and version "1.4.2"		-		Affected
Arg0 Search vendor "Arg0"		Encfs Search vendor "Arg0" for product "Encfs"				1.5.0 Search vendor "Arg0" for product "Encfs" and version "1.5.0"		-		Affected