Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulnerable to a brute force attack if an attacker has access to the users stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 - LibreOffice
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-08-13T06:40:25

Updated: 2024-08-03T10:29:21.020Z

Reserved: 2022-08-04T00:00:00

Link: CVE-2022-37401

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-08-15T11:21:42.117

Modified: 2024-11-21T07:14:55.610

Link: CVE-2022-37401

cve-icon Redhat

No data.