CVE-2022-26307 in LibreOffice
Summary
by MITRE • 07/25/2022
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a brute force attack if an attacker has access to the users stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 05/08/2026
The vulnerability described in CVE-2022-26307 represents a critical cryptographic weakness in LibreOffice's password storage mechanism that undermines the security of user credentials stored for web connections. This flaw specifically targets the configuration database where users can save passwords for web services, creating a significant attack surface when combined with the weak encryption implementation. The vulnerability exists in LibreOffice versions 7.2.x prior to 7.2.7 and 7.3.x prior to 7.3.3, affecting a substantial portion of the user base that relies on the application's web connection features. The issue demonstrates a fundamental failure in cryptographic implementation where the master key derivation process does not properly maintain the intended entropy levels, creating a pathway for attackers to compromise stored credentials.
The technical flaw stems from improper encoding of the master key used for encrypting stored passwords within LibreOffice's configuration database. According to cryptographic standards and best practices, a properly implemented encryption system should maintain the full entropy of the master key throughout the encryption process. In this case, the implementation reduces the effective entropy from the expected 128 bits down to only 43 bits, a dramatic weakening that makes brute force attacks computationally feasible. This reduction in entropy occurs during the key derivation process where the user-provided master key is processed through an insufficiently complex algorithm that fails to preserve the cryptographic strength of the original key. The weakness creates a predictable pattern that allows attackers to significantly reduce the search space required to discover the correct master key, thereby compromising all passwords stored in the configuration database.
The operational impact of this vulnerability extends beyond individual user accounts to potentially affect entire organizational security postures when users store credentials for web services within LibreOffice. Attackers who gain access to a user's configuration database can exploit this weakness to recover stored passwords without requiring additional authentication factors or complex attack vectors. The vulnerability is particularly concerning because it affects the core functionality of LibreOffice's web connection management, which is commonly used by users who need to access password-protected web resources through the application. This weakness can be leveraged in various attack scenarios including privilege escalation, lateral movement, and credential theft within environments where LibreOffice is widely deployed. The attack surface is further expanded when considering that many users store multiple web connection credentials within the same configuration database, potentially exposing multiple accounts with a single successful attack.
Security mitigations for this vulnerability should focus on immediate remediation through the installation of patched LibreOffice versions, specifically 7.2.7 or later for 7.2.x releases and 7.3.3 or later for 7.3.x releases. Users should be advised to immediately regenerate and re-store all web connection passwords after applying the patches, as the compromised master key may have been used to encrypt existing credentials. System administrators should implement monitoring for unauthorized access to user configuration databases and consider implementing additional security controls such as file system permissions and encryption at rest for configuration files. The vulnerability highlights the importance of proper key derivation functions and adherence to cryptographic best practices, particularly the avoidance of weak or predictable encoding schemes that reduce entropy. Organizations should also consider implementing multi-factor authentication for web services where possible, as this vulnerability demonstrates how weaknesses in one system component can compromise access to multiple services through credential storage mechanisms.
This vulnerability aligns with CWE-326, which addresses the issue of inadequate encryption strength, and represents a classic example of poor implementation of cryptographic primitives. The flaw can be mapped to ATT&CK technique T1555.003, which covers credentials from password storage modules, demonstrating how attackers can exploit application-level weaknesses to extract stored credentials. The vulnerability also relates to the broader category of weak key derivation functions that can be found in ATT&CK technique T1212, which covers exploitation for credential access through weaknesses in credential storage systems. The issue underscores the critical importance of proper cryptographic implementation and the need for thorough security testing of encryption mechanisms, particularly in applications that handle sensitive user data such as passwords and authentication credentials.