CVE-2022-37401 – Apache OpenOffice supports the storage of passwords for web connections in the user’s conf …

Vuln ID: CVE-2022-37401

Published:  2022-08-15  11:21:42Z

Description: Apache OpenOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulnerable to a brute force attack if an attacker has access to the users stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 – LibreOffice

Source: NVD.NIST.GOV

 


Date:

Categorie(s):

Tag(s):