[sw-issues] [Issue 112391] Encrypted odt doesn't wi pe decrypted content

Mon, 14 Jun 2010 09:48:16 -0700 

To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=112391
                 Issue #|112391
                 Summary|Encrypted odt  doesn't wipe decrypted content
               Component|Word processor
                 Version|OOo 3.2
                Platform|Unknown
                     URL|
              OS/Version|Windows XP
                  Status|UNCONFIRMED
       Status whiteboard|
                Keywords|
              Resolution|
              Issue type|DEFECT
                Priority|P3
            Subcomponent|viewing
             Assigned to|writerneedsconfirm
             Reported by|hugsy





------- Additional comments from hu...@openoffice.org Mon Jun 14 16:44:27 +0000 
2010 -------
hello. This is my first post so i hope i have done it right.

I found out about a security hole in the latest (3.2.0) Openoffice text file
(odt). When you save a picture in a *.odt document and encrypt it, it is secured
with a 256AES encryption. But when you open the file again, it decrypts its
content and saves it in the temporary folder under some *.tmp file, so that you
can view it. Then when you close the document again, document itself is secured,
but the decrypted content in the temp folder is not wiped out (just normal
deletion) and it can easily be restored with recovery software (Recuva). So any
one who has a 5 minutes of spare time, can view the content of odt files if they
were opened once. I tested this myself.
And yes, picture was wiped out after the odt was created and yes, free space was
overwritten as well, but when the file is opened and closed again, the decrypted
content can be restored.

---------------------------------------------------------------------
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@sw.openoffice.org
For additional commands, e-mail: issues-h...@sw.openoffice.org


---------------------------------------------------------------------
To unsubscribe, e-mail: allbugs-unsubscr...@openoffice.org
For additional commands, e-mail: allbugs-h...@openoffice.org

Reply via email to