Apache OpenOffice Weak Master Keys
CVE-2022-37401

8.8HIGH

Key Information:

Vendor: Apache
Status: Apache Openoffice
Vendor: CVE Published:; 15 August 2022

What is CVE-2022-37401?

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulnerable to a brute force attack if an attacker has access to the users stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 - LibreOffice

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache OpenOffice Apache OpenOffice 4 < 4.1.13

References

https://www.openoffice.org/security/cves/CVE-2022-37401.html

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2022/08/13/2

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 15, 2022
Vulnerability Reserved
Aug 4, 2022

Credit

OpenSource Security GmbH on behalf of the German Federal Office for Information Security

JSON

Apache

What is CVE-2022-37401?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.