Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GELI silently omits the keyfile if read from stdin
Vulnerability Description
When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
GELI 安全漏洞
Vulnerability Description
GELI是freeBSD基金会的一个块设备层磁盘加密实用程序。 GELI存在安全漏洞,该漏洞源于从标准输入读取密钥文件时,它不会重复使用密钥文件来同时初始化多个提供者,导致第二个和后续设备默认使用NULL密钥作为用户密钥文件,如果用户仅使用没有用户密码的密钥文件,则主密钥会使用空密钥文件进行加密,从而可以轻松恢复主密钥。
CVSS Information
N/A
Vulnerability Type
N/A