Sylvain Pelissier

Researcher fromKudelski Security
#13832of 53,633
19.5Total CVSS
Vulnerabilities · 3
Medium
2
High
1
PT-2022-10543
6.4
2022-01-02
Unknown · Enc Datavault Oem · CVE-2021-36751
**Name of the Vulnerable Software and Affected Versions** ENC DataVault versions 7.2.3 and before ENC DataVault OEM versions **Description** The issue concerns the use of an encryption algorithm that is vulnerable to data manipulation, known as ciphertext malleability, without requiring knowledge of the key. This means an attacker can modify the ciphertext, which would result in corresponding modifications to the plaintext. There is no mechanism in place to ensure data integrity, making it impossible to detect such manipulations. **Recommendations** For ENC DataVault versions 7.2.3 and before, consider disabling the use of the vulnerable encryption algorithm until a patch or update is available. For ENC DataVault OEM versions, restrict access to sensitive data stored with these versions to minimize the risk of exploitation. As a temporary workaround, avoid relying solely on the encryption provided by ENC DataVault for sensitive data, and consider additional security measures to protect against data manipulation.
PT-2021-21336
8.1
2021-12-22
Enc · Enc Datavault · CVE-2021-36750
**Name of the Vulnerable Software and Affected Versions** ENC DataVault versions prior to 7.2 VaultAPI version v67 **Description** The issue is related to the mishandling of key derivation, which makes it easier for attackers to determine the passwords of all DataVault users. This affects DataVault users across USB drives sold under multiple brand names. **Recommendations** For ENC DataVault versions prior to 7.2, update to version 7.2 or later to resolve the issue. For VaultAPI version v67, consider disabling the use of this version until a patched version is available.
PT-2014-9014
5.0
2014-12-31
Canonical · Ecryptfs · CVE-2014-9687
**Name of the Vulnerable Software and Affected Versions** eCryptfs versions 104 and earlier **Description** The issue makes it easier for attackers to obtain user passwords via a brute force attack because eCryptfs uses a default salt to encrypt the mount passphrase. **Recommendations** For versions 104 and earlier, consider using a unique salt for each user to encrypt the mount passphrase as a mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.