CVE-2022-26307
Weak Master KeysLibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a brute force attack if an attacker has access to the users stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3.
We have discovered 151 live websites that are affected by CVE-2022-26307.
Contact us to get more info
Affected Software
| |
---|
Product | LibreOffice |
Category | Content Management System |
Vulnerable Versions | - from 7.2 before 7.2.7
- from 7.3 before 7.3.3
|
Total Vulnerable Versions | 195 |
Vulnerable Domains | 151 live websites (4.48% of LibreOffice install base) |
Common Weakness Enumeration
CWE-326 Inadequate Encryption Strength