You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@openoffice.apache.org by bu...@apache.org on 2013/05/15 16:30:17 UTC
[Bug 122322] New: Password protected spreadsheet opens without
password, possibly after recovery
https://issues.apache.org/ooo/show_bug.cgi?id=122322
Bug ID: 122322
Issue Type: DEFECT
Summary: Password protected spreadsheet opens without password,
possibly after recovery
Classification: Application
Product: Calc
Version: AOO 3.4.1
Hardware: All
OS: Windows 7
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: open-import
Assignee: issues@openoffice.apache.org
Reporter: texted@comcast.net
CC: issues@openoffice.apache.org
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
[Bug 122322] Password protected spreadsheet opens without password,
possibly after recovery
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=122322
Edwin Sharp <el...@mail-page.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |needmoreinfo
CC| |elish@mail-page.com
--- Comment #1 from Edwin Sharp <el...@mail-page.com> ---
Please attach example
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
[Bug 122322] Password protected spreadsheet opens without password,
possibly after recovery
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=122322
--- Comment #6 from chico77 <fe...@gmail.com> ---
ver. 4.0.1.
password secured files can be opened without the password protection after the
re-covery from the cras&restart of Calc
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
You are watching all bug changes.
[Bug 122322] Password protected spreadsheet opens without password,
possibly after recovery
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=122322
Edwin Sharp <el...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords|needmoreinfo |
Status|UNCONFIRMED |CONFIRMED
Ever confirmed|0 |1
--- Comment #5 from Edwin Sharp <el...@apache.org> ---
Confirmed per comment 4.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
You are watching all bug changes.
[Bug 122322] Password protected spreadsheet opens without password,
possibly after recovery
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=122322
Shari <we...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |webweaver64@gmail.com
--- Comment #2 from Shari <we...@gmail.com> ---
AOO 4.0, just had this happen as well. I'm not sure what you would want
attached?
I have a spreadsheet that would have been created at some point in 3.x, I've
recently updated one machine, and was working in 4.0 so it would have been
saved in that version. I then was working on a machine that had 3.4, resaved. I
updated that machine to 4.0, and during a power outage, spreadsheet was saved
and recovered, however it was recovered without the password protection.
I'm not sure if the version savings had anything to do with it, but wanted to
share it as it might..
I'll try to reproduce, with a non critical spreadsheet.
I'm also on Windows 7.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
You are watching all bug changes.
[Bug 122322] Password protected spreadsheet opens without password,
possibly after recovery
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=122322
--- Comment #3 from Shari <we...@gmail.com> ---
I have been unable to reproduce this again. I've tried it a few different ways
and it's always asking for the password now..
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
You are watching all bug changes.
[Issue 122322] Password protected spreadsheet opens without
password, possibly after recovery
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=122322
Bev E <pu...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |purl2tog@gmail.com
--- Comment #8 from Bev E <pu...@gmail.com> ---
This took me by surprise back in 3.4.1 when it happened awhile back. Wasn't
sure if I had made an error, but it just happened again, in 3.4.1 only this
time I was sure I had not made a mistake. File was open during an overnight
windows update and after rebooting I opened the file, recovered and found
password had vanished.
I just upgraded to 4.1.0 and this problem persists and is reproducible.
Perhaps change the version info for this issue to note it happens in Version
4.1.0? change Issue type from Defect to Security?
Win7 Pro 64bit
OO 4.1.0
spreadsheet in .ods format
Scenario:
Put a password on spreadsheet .ods file: File > Save as > Save with password
Make an edit to a cell, wait for Autosave to happen (I chose 3-minute autosave
interval :Tools > Options > Load/Save> General > Save Autorecovery information
every 3 min)
Kill the program from task manager: scalc.exe, and soffice.bin; soffice.exe
dies by itself
Re-open the file and get recovery prompt, choose to recover and file recovers
and opens with no password on it
Would like confirmation that a workaround is to turn off autorecovery saving
Would like priority on this raised since it is a security issue.
Please.
--
You are receiving this mail because:
You are on the CC list for the issue.
You are the assignee for the issue.
You are watching all issue changes.
[Bug 122322] Password protected spreadsheet opens without password,
possibly after recovery
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=122322
chico77 <fe...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fero967@gmail.com
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
You are watching all bug changes.
[Bug 122322] Password protected spreadsheet opens without password,
possibly after recovery
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=122322
--- Comment #7 from sayt@mailinator.com ---
FYI: LO has the same security issue:
https://bugs.freedesktop.org/show_bug.cgi?id=51819
Some more info about this:
The problem behind this issue is that the recovery file gets always saved
unencrypted (unprotected) even for a password-protected file (you can check
this in the user backup directory: if the content.xml inside the document is
plain-text than it is unencrypted).
The issue seems to be introduced by the changes for bug 119366 (revision
1354039):
now SID_ENCRYPTIONDATA is also cleared in PreDoSaveAs_Impl, and so the recovery
file is saved without encryption info (AutoRecovery also uses Save As to save
the file).
I suppose (cannot check it though) that the solution to this issue could be to
modify the implts_saveOneDoc function in this file:
http://svn.apache.org/viewvc/openoffice/trunk/main/framework/source/services/autorecovery.cxx?view=markup
and to put PROP_ENCRYPTIONDATA also into lNewArgs (similar to PROP_PASSWORD
around line 2417), so that the PreDoSaveAs_Impl could paste the encryption data
from pParams (as from the original document it is cleared now due to the
changes).
Hope it helps!
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
You are watching all bug changes.