To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=112391 Issue #|112391 Summary|Encrypted odt doesn't wipe decrypted content Component|Word processor Version|OOo 3.2 Platform|Unknown URL| OS/Version|Windows XP Status|UNCONFIRMED Status whiteboard| Keywords| Resolution| Issue type|DEFECT Priority|P3 Subcomponent|viewing Assigned to|writerneedsconfirm Reported by|hugsy
------- Additional comments from hu...@openoffice.org Mon Jun 14 16:44:27 +0000 2010 ------- hello. This is my first post so i hope i have done it right. I found out about a security hole in the latest (3.2.0) Openoffice text file (odt). When you save a picture in a *.odt document and encrypt it, it is secured with a 256AES encryption. But when you open the file again, it decrypts its content and saves it in the temporary folder under some *.tmp file, so that you can view it. Then when you close the document again, document itself is secured, but the decrypted content in the temp folder is not wiped out (just normal deletion) and it can easily be restored with recovery software (Recuva). So any one who has a 5 minutes of spare time, can view the content of odt files if they were opened once. I tested this myself. And yes, picture was wiped out after the odt was created and yes, free space was overwritten as well, but when the file is opened and closed again, the decrypted content can be restored. --------------------------------------------------------------------- Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@sw.openoffice.org For additional commands, e-mail: issues-h...@sw.openoffice.org --------------------------------------------------------------------- To unsubscribe, e-mail: allbugs-unsubscr...@openoffice.org For additional commands, e-mail: allbugs-h...@openoffice.org