13.1

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

freebsd

NVD

Published: 2023-02-08

Updated: 2023-11-07

Summary

When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 12.4 Freebsd Freebsd 13.1 Freebsd Freebsd 12.3	18

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-23:01.geli.asc