Apache OpenOffice Weak Master Keys

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulnerable to a brute force attack if an attacker has access to the users stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 - LibreOffice

N/A

信息熵不充分

Apache OpenOffice 安全特征问题特征问题漏洞

Apache OpenOffice是美国阿帕奇（Apache）基金会的一款开源的办公软件套件。该套件包含文本文档、电子表格、演示文稿、绘图、数据库等。 Apache OpenOffice 4.1.13之前版本存在安全特征问题漏洞，该漏洞源于主密钥编码不当导致其熵从128位减弱到43位，如果攻击者有权访问用户存储的配置，则存储的密码容易受到暴力攻击。

N/A

N/A