You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@openoffice.apache.org by "Carl B. Marcum" <cm...@apache.org> on 2022/08/12 22:38:45 UTC

CVE-2022-37401: Apache OpenOffice Weak Master Keys

Severity: important

Description:

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulnerable to a brute force attack if an attacker has access to the users stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13.  Reference: CVE-2022-26307 - LibreOffice

Credit:

 OpenSource Security GmbH on behalf of the German Federal Office for Information Security

References:

https://www.openoffice.org/security/cves/CVE-2022-37401.html


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org