https://bugs.documentfoundation.org/show_bug.cgi?id=141922
--- Comment #2 from Walter <who...@hurontel.on.ca> ---
Here is exactly what I did (and have done).. its 100 % repeatable.
(Using LibreOffice Calc... Latest Version and Build 7.05.2 (x64))
I have a spread sheet which I use to record 'sensitive information' using
LibreOffice Calc
I put a (complex) password on the file. (But did not encrypt it... not that
sensitive!)
I use Windows 10 Back up and Restore to back up selected files (eg Documents)
on a Seagate USB Extension Drive, have done for years.
There is an option on Windows 10 Back Up and Restore and Record "File History"
It has a recommendation in Windows B/U to select this option.
I did that (have done for ages also).
It saves all revisions of any file modified... to the same drive during the
Back Up process.
Once the back up is complete .. the back up file appears to be encrypted and
not readable.
However the "File History is not".
If you take the extension drive to ANY computer and plug it in a usb port, you
can find ALL of the File History Data on the Extension Drive.
If you have a suitable application (In my case my wife's laptop also has
LibreOffice Installed)
CLICK on any one of them (including the very last one (most recent).
Its possible to OPEN that file in Read Only mode... displaying all of the data
without any request for a password whatsoever!
It is also possible to change the settings in this file to allow updates and
changes which cannot overwrite the file on the extension drive but can be saved
under a new name in a New Location or E Mailed /Printed etc.
I wrote also to Microsoft .. it may be their problem.... got a rather terse
reply and a form to fill up.. not expecting any interest there!
I discovered this by accident when my desktop got damaged by water.. I simply
plugged the extension drive into my wife's laptop.. used Windows Explorer to
search the Extension drive for my files.. there were many .. I clicked on the
latest one (all had dates shown in the File Name).
To my surprise LibreOffice on her machine Opened the file without any password
request.. and I could view all the Data.
Not sure of your definition of a "Vulnerability" but I see a number of ways to
obtain sensitive information using any kind of approach.
Even "The Cloud" doesn't seem secure if anyone can do this?
Thank you for taking my concern seriously.
Walter
On 2021-04-27 2:55 a.m., bugzilla-dae...@bugs.documentfoundation.org wrote:
> m.a.riosv changed bug 141922
> What Removed Added
> Ever confirmed 1
> CC miguelange...@libreoffice.org
> Status UNCONFIRMED NEEDINFO
>
> Comment # 1 on bug 141922 from m.a.riosv
> Doesn't seem feasible, because it's in the practice no possible to recover a
> password saved file on LibreOffice without the password.
>
> So please detail as much as possible the steps that you follow, from when you
> have the file open and how do you save the file, the file type you have used
> to
> save and following steps.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
