CVE-2010-3075 — MEDIUM (5.0)

Q: How severe is CVE-2010-3075?

CVE-2010-3075 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-3075?

Check the references section above for vendor advisories and patch information. Affected products include: Arg0 Encfs.

Vulnerability Description

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Arg0	Encfs	<= 1.6.0

Related Weaknesses (CWE)

CWE-310

References

FAQ

What is CVE-2010-3075?

CVE-2010-3075 is a vulnerability with a CVSS score of 5.0 (MEDIUM). EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations ...

How severe is CVE-2010-3075?

CVE-2010-3075 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-3075?

Check the references section above for vendor advisories and patch information. Affected products include: Arg0 Encfs.