A number of issues were found in the cryptography practices of EncFS. These are detailed in the following audit:
It also notes some of the issues in bug 630460 may not be fixed correctly.
A fix is currently not available. Fedora and EPEL use a 1.x version. A future 2.0 release may correct these issues: https://code.google.com/p/encfs/issues/detail?id=186
Created fuse-encfs tracking bugs for this issue:
Affects: fedora-all [bug 1097539]
Affects: epel-all [bug 1097540]
CVE request: http://www.openwall.com/lists/oss-security/2014/05/14/1
MITRE assigned CVE-2014-3462 to the "Editing Configuration File Disables MACs" (from the original audit report) issue:
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.