OpenOffice <4.1.13: Weak 128bit Master Key, Brute Force Passwords
CVE-2022-37401 Published on August 15, 2022
Apache OpenOffice Weak Master Keys
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulnerable to a brute force attack if an attacker has access to the users stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 - LibreOffice
Weakness Type
Insufficient Entropy
The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Products Associated with CVE-2022-37401
Want to know whenever a new CVE is published for Apache OpenOffice? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache OpenOffice:- Version Apache OpenOffice 4 and below 4.1.13 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.