PT-2022-23974 · Apache · Apache Openoffice+1

Selma Jabour · Published 2022-08-13 · Updated 2023-08-02 · CVE-2022-37401

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache OpenOffice versions prior to 4.1.13

Description

A flaw in Apache OpenOffice exists where the master key used for encrypting stored passwords is poorly encoded, reducing its entropy from 128 to 43 bits. This makes the stored passwords vulnerable to a brute force attack if an attacker gains access to the user's stored configuration.

Recommendations

For versions prior to 4.1.13, update to version 4.1.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration database to minimize the risk of exploitation.

Related Identifiers

CVE-2022-37401

Affected Products

Apache Openoffice
Openoffice