PT-2022-3941 · Document Foundation+9 · Libreoffice+9

Published

2022-05-20

·

Updated

2024-06-15

·

CVE-2022-26307

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions LibreOffice versions prior to 7.2.7 LibreOffice versions prior to 7.3.3
Description A flaw in LibreOffice existed where the master key used for encrypting stored passwords was poorly encoded, resulting in weakened entropy from 128 to 43 bits. This made the stored passwords vulnerable to a brute force attack if an attacker had access to the user's stored configuration. The issue is related to insufficiently strong encryption of data, which could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For versions prior to 7.2.7, update to version 7.2.7 or later. For versions prior to 7.3.3, update to version 7.3.3 or later.

Fix

Cleartext Storage of Sensitive Information

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-312CWE-326

Related Identifiers

ALSA-2023:0089
ALSA-2023:0304
ALT-PU-2022-1911
ALT-PU-2022-1953
ALT-PU-2022-1954
ALT-PU-2022-1986
ALT-PU-2022-2498
ALT-PU-2022-2551
BDU:2022-04770
CESA-2023_0089
CVE-2022-26307
DLA-3368-1
OPENSUSE-SU-2022_3650-1
OPENSUSE-SU-2024:12452-1
RHSA-2023:0089
RHSA-2023:0304
RHSA-2023_0089
RHSA-2023_0304
RLSA-2023:0089
RLSA-2023:0304
SUSE-SU-2022:3602-1
SUSE-SU-2022:3650-1
USN-5661-1
USN-5694-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Libreoffice
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu