Arch Linux Security Advisory ASA-201503-14
=========================================
Severity: Low
Date    : 2015-03-17
CVE-ID  : CVE-2014-9687
Package : ecryptfs-utils
Type    : hard-coded passphrase salt
Remote  : No
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package ecryptfs-utils before version 106-1 is vulnerable to
hard-coded passphrase salt that may ease a brute-force attack.

Resolution
=========
Upgrade to 106-1.

# pacman -Syu "ecryptfs-utils>=106-1"

The problem has been fixed upstream in version 106.

If pam_ecryptfs is used a transparent migration from version 1 to
version 2 files is provided, otherwise a manual re-wrapping of the
passphrase file is mandatory.

Workaround
=========
None.

Description
==========
eCryptfs uses a default salt to encrypt the mount passphrase, which
makes it easier for attackers to obtain user passwords via a brute force
attack. By default, the wrapping key is hashed with the default fixed
salt (0x0011223344556677).

This update introduces the version 2 wrapped-passphrase file format. It
adds the ability to combine a randomly generated salt with the wrapping
password (typically, a user's login password) prior to performing key
strengthening. The version 2 file format is considered to be a
intermediate step in strengthening the wrapped-passphrase files of
existing encrypted home/private users.

If pam_ecryptfs is used a transparent migration from version 1 to
version 2 files is provided, otherwise a manual re-wrapping of the
passphrase file is mandatory.

Impact
=====
An attacker could use this issue to discover the login password used to
protect the mount passphrase and gain unintended access to the encrypted
files with the help of bulk dictionary attacks and rainbow tables to
crack user passwords.

References
=========
https://www.openwall.com/lists/oss-security/2015/02/10/10
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9687
https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/839
https://bugs.archlinux.org/task/44157

ArchLinux: 201503-14: ecryptfs-utils: hard-coded passphrase salt

March 17, 2015

Summary

eCryptfs uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack. By default, the wrapping key is hashed with the default fixed salt (0x0011223344556677). This update introduces the version 2 wrapped-passphrase file format. It adds the ability to combine a randomly generated salt with the wrapping password (typically, a user's login password) prior to performing key strengthening. The version 2 file format is considered to be a intermediate step in strengthening the wrapped-passphrase files of existing encrypted home/private users.
If pam_ecryptfs is used a transparent migration from version 1 to version 2 files is provided, otherwise a manual re-wrapping of the passphrase file is mandatory.

Resolution

Upgrade to 106-1. # pacman -Syu "ecryptfs-utils>=106-1"
The problem has been fixed upstream in version 106.
If pam_ecryptfs is used a transparent migration from version 1 to version 2 files is provided, otherwise a manual re-wrapping of the passphrase file is mandatory.

References

https://www.openwall.com/lists/oss-security/2015/02/10/10 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9687 https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/839 https://bugs.archlinux.org/task/44157

Severity
Package : ecryptfs-utils
Type : hard-coded passphrase salt
Remote : No
Link : https://wiki.archlinux.org/title/CVE

Workaround

None.

Related News

4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap
5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This
18.WifiCutout Landscape Esm H320
2 - 3 min read
A novel attack called TunnelVision has been discovered. It compromises the security of virtually all VPN apps, rendering their purpose useless. The
21.Globe RadiatingCode Esm H320
2 - 3 min read
The recent discovery of a backdoor in XZ Utils , a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While
13.Lock StylizedMotherboard Esm H320
1 - 2 min read
Spiral Linux is a Debian-based distribution that offers a range of desktop environments, making it stand out from other Linux distributions. In
32.Lock Code Circular Esm H320
2 - 3 min read
Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL . The vulnerabilities assigned
1.Penguin Landscape Esm H320
2 - 3 min read
The recent release of AlmaLinux 9.4 , closely aligned with Red Hat Enterprise Linux (RHEL) 9.4 , presents Linux admins and infosec professionals
11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved