[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2022-37401: Apache OpenOffice Weak Master Keys
From: "Carl B. Marcum" <cmarcum () apache ! org>
Date: 2022-08-12 22:38:45
Message-ID: 7644e755-cfdd-5fa1-6e85-ea43ef69802b () apache ! org
[Download RAW message or body]
Severity: important
Description:
Apache OpenOffice supports the storage of passwords for web connections in =
the user's configuration database. The stored passwords are encrypted with =
a single master key provided by the user. A flaw in OpenOffice existed =
where master key was poorly encoded resulting in weakening its entropy from=
128 to 43 bits making the stored passwords vulnerable to a brute force =
attack if an attacker has access to the users stored config. This issue =
affects: Apache OpenOffice versions prior to 4.1.13. Reference: =
CVE-2022-26307 - LibreOffice
Credit:
OpenSource Security GmbH on behalf of the German Federal Office for =
Information Security
References:
https://www.openoffice.org/security/cves/CVE-2022-37401.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic