CVE-2010-3073

EncFS < 1.7.0 - Information Disclosure via SSL_Cipher.cpp Header Construction

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3073. PoCs published by Micha Riser.

AI-analyzed exploit summary The provided text describes cryptographic design flaws in EncFS, specifically weaknesses in CBC/CFB cipher modes that could allow attackers to disclose sensitive information through watermarking or similar techniques. No actual exploit code is present.

Description

SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Micha Riser · textlocallinux
https://www.exploit-db.com/exploits/34537

The provided text describes cryptographic design flaws in EncFS, specifically weaknesses in CBC/CFB cipher modes that could allow attackers to disclose sensitive information through watermarking or similar techniques. No actual exploit code is present.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Theoretical
Reliability
Theoretical
Target: EncFS (version not specified)
No auth needed
Prerequisites: Access to encrypted files
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41158
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=630460
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41478
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2414
Issue Tracking x_refsource_confirm
http://code.google.com/p/encfs/source/detail?r=59
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/05/3
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/07/8
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/06/1
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html

Scores

EPSS 0.0071
EPSS Percentile 49.2%

Details

CWE
CWE-310
Status published
Products (6)
arg0/encfs 1.4.0
arg0/encfs 1.4.1
arg0/encfs 1.4.1.1
arg0/encfs 1.4.2
arg0/encfs 1.5.0
arg0/encfs < 1.6.0
Published Sep 17, 2010
Tracked Since Feb 18, 2026