364 matches found
CVE-2022-37401
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from...
CVE-2022-37401
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from...
CVE-2022-37401
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from...
Design/Logic Flaw
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from...
Apache OpenOffice 安全特征问题特征问题漏洞
Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases and more. A security feature issue vulnerability exists in Apache OpenOffice versions prior to 4.1.13, which stems...
CVE-2022-37401
CVE-2022-37401 describes weak master-key encoding in OpenOffice/OpenOffice-derived LibreOffice implementations that protects web-connection passwords in the user configuration database. The root cause is poor encoding of the master key, dropping entropy from 128 bits to 43 bits, which enables bru...
PT-2022-23974 · Apache · Apache Openoffice +1
Name of the Vulnerable Software and Affected Versions: Apache OpenOffice versions prior to 4.1.13 Description: A flaw in Apache OpenOffice exists where the master key used for encrypting stored passwords is poorly encoded, reducing its entropy from 128 to 43 bits. This makes the stored passwords...
Insecure Cryptographic Function
LibreOffice has insecure cryptographic function. The vulnerability exists due to stored passwords being encrypted with a single master key provided by the user...
LibreOffice < 7.2.7 / 7.3 < 7.3.3 Multiple Vulnerabilities (Windows)
According to its self-reported version, the LibreOffice application running on the remote host is prior to 7.2.7 or 7.3.3. It is, therefore, affected by multiple vulnerabilities: - LibreOffice supports the storage of passwords for web connections in the user's configuration database. The stored...
CVE-2022-26307
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...
CVE-2022-26307
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...
DEBIAN-CVE-2022-26307
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...
CVE-2022-26307
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...
CVE-2022-26307
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...
UBUNTU-CVE-2022-26307
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...
LibreOffice 安全漏洞
LibreOffice is an open source office software suite from The Document Foundation tdf. The product includes the Writer text documents, Calc spreadsheets and Impress presentations applications. A security vulnerability exists in LibreOffice version 7.2 up to and including version 7.2.7, and version...
CVE-2022-0828
The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the...
PT-2022-13453 · WordPress · Download Manager
Name of the Vulnerable Software and Affected Versions: Download Manager WordPress plugin versions prior to 3.2.39 Description: The issue allows an attacker to brute force the master key for a download, generated using the uniqid php function, with reasonable resources. This gives direct download...
Download Manager < 3.2.39 - Unauthenticated brute force of files master key
The plugin uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download. ?php // The full timestamp fro...
PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol SCEP feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...