CVE-2014-3462

Name of the Vulnerable Software and Affected Versions: encfs versions prior to 1.7.5

Description: The issue allows remote attackers to access sensitive data by modifying the ".encfs6.xml" configuration file. Specifically, setting blockMACBytes to 0 and adding 8 to blockMACRandBytes enables this unauthorized access.

Recommendations: For versions prior to 1.7.5, update to version 1.7.5 or later to resolve the issue. As a temporary workaround, consider restricting modifications to the ".encfs6.xml" configuration file to prevent unauthorized changes to blockMACBytes and blockMACRandBytes.