World-readable permissions on GELI keyfile in FreeBSD 10.x before 10.1 p9

World-readable permissions on GELI keyfile in FreeBSD 10.x before 10.1 p9

CVE-2015-1415 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file.

Learn more about our User Device Pen Test.