{"id":"CVE-2014-3462","details":"The \".encfs6.xml\" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting \"blockMACBytes\" to 0 and adding 8 to \"blockMACRandBytes\".","modified":"2026-01-27T04:12:40.789092Z","published":"2017-08-07T20:29:00Z","withdrawn":"2026-01-27T04:12:40.789092Z","related":["MGASA-2016-0026"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00090.html"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2014/05/14/2"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1097537"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201512-09"}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}