Micha Riser

**Name of the Vulnerable Software and Affected Versions** EncFS versions prior to 1.7.0 **Description** The issue arises from improper handling of integer data sizes in SSL Cipher.cpp when constructing headers for randomization of initialization vectors. This makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. **Recommendations** For versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** EncFS versions prior to 1.7.0 **Description** The issue concerns the use of an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems. This allows local users to obtain sensitive information via a watermark attack. **Recommendations** For versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** EncFS versions prior to 1.7.0 **Description** The issue allows local users to obtain sensitive information via calculations involving recovery of XORed data. This is demonstrated by an attack on encrypted data where the last block contains only one byte. **Recommendations** For versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue.