CVE-2022-37401

CVSS v3 Score: 8.8 (High)

Vulnerability Description

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw existed in OpenOffice where the master key was poorly encoded, weakening its entropy from 128 to 43 bits and making the stored passwords vulnerable to a brute-force attack if an attacker has access to the user's stored config. This issue affects Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 - LibreOffice

CVSS:9.1(Critical)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.

CVSS:9.1(Critical)

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one di...

CVSS:9.1(Critical)

Implementations of IPMI Authenticated sessions do not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random N...

CVSS:8.2(High)

The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this ...

CVSS:8.1(High)

The web-based management (WBM) interface in Unify (formerly Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes ...

CVSS:8.1(High)

An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mec...