{"id":"USN-2524-1","summary":"ecryptfs-utils vulnerability","details":"Sylvain Pelissier discovered that eCryptfs did not generate a random salt when\nencrypting the mount passphrase with the login password. An attacker could use\nthis issue to discover the login password used to protect the mount passphrase\nand gain unintended access to the encrypted files.\n","modified":"2026-02-10T04:40:53Z","published":"2015-03-11T00:41:13Z","related":["UBUNTU-CVE-2014-9687"],"upstream":["CVE-2014-9687","UBUNTU-CVE-2014-9687"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2524-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-9687"}],"affected":[{"package":{"name":"ecryptfs-utils","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/ecryptfs-utils@104-0ubuntu1.14.04.3?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"104-0ubuntu1.14.04.3"}]}],"versions":["103-0ubuntu2","104-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"ecryptfs-utils","binary_version":"104-0ubuntu1.14.04.3"},{"binary_name":"libecryptfs-dev","binary_version":"104-0ubuntu1.14.04.3"},{"binary_name":"libecryptfs0","binary_version":"104-0ubuntu1.14.04.3"},{"binary_name":"python-ecryptfs","binary_version":"104-0ubuntu1.14.04.3"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"id":"CVE-2014-9687","severity":[{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2524-1.json"}}],"schema_version":"1.7.3"}