Selma Jabour

**Name of the Vulnerable Software and Affected Versions** Apache OpenOffice versions prior to 4.1.13 **Description** A flaw in Apache OpenOffice exists where the required initialization vector for encryption is always the same, weakening the security of the encryption. This makes stored passwords vulnerable if an attacker has access to the user's configuration data. The stored passwords are encrypted with a single master key provided by the user. **Recommendations** For versions prior to 4.1.13, update to version 4.1.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the user's configuration data to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache OpenOffice versions prior to 4.1.13 **Description** A flaw in Apache OpenOffice exists where the master key used for encrypting stored passwords is poorly encoded, reducing its entropy from 128 to 43 bits. This makes the stored passwords vulnerable to a brute force attack if an attacker gains access to the user's stored configuration. **Recommendations** For versions prior to 4.1.13, update to version 4.1.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration database to minimize the risk of exploitation.