CVE-2022-37400 – Apache OpenOffice supports the storage of passwords for web connections in the user’s conf …

15 August 2022

Vuln ID: CVE-2022-37400

Published: 2022-08-15 11:21:41Z

Description: Apache OpenOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user’s configuration data. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26306 – LibreOffice

Source: NVD.NIST.GOV

Date:

15 August 2022

Categorie(s):

NVD

Tag(s):

NVD

25 cybersecurity AI stats you should know25 April 2024
73% of SME security pros missed or ignored critical alerts25 April 2024
Battening down the hatches: Navigating third-party cyber threats 25 April 2024
Australia’s spies and cops want ‘accountable encryption’ – aka access to backdoors25 April 2024
Australia’s spies and cops want ‘accountable encryption’ – aka backdoors25 April 2024