virus logo FortiClient Vulnerability

Security Vulnerabilities fixed in Apache OpenOffice 4.1.13

description-logoDescription

Apache OpenOffice supports the storage of passwords for web connections in the user\'s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user\'s configuration data. And master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulnerable to a brute force attack if an attacker has access to the users stored config.

affected-products-logoAffected Applications

Apache OpenOffice

CVE References

CVE-2022-37400 CVE-2022-37401

Other References

https://www.openoffice.org/security/bulletin.html
ID 4461
Created Aug 18, 2022
Description
Updated		 Mar 19, 2024
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Apache
Patch manual
Application Apache OpenOffice