Breach in password-protected file

English
#1

I have been using an Excel-made (likely with Excel 2008), password-protected file in Calc for several months with no problem. It has always been saved in Excel format (Excel 2007-365 .xlsx), not as .odf.

Today, while doing some routine monthly security checks, I did a system-wide search using a part of the alphanumeric string which appears in one of my most important passwords. Disturbingly, that particular Calc file, showed up in the search results, which normally only shows the plist file of “Find any File”, that I use to do the search. This seemed to indicate that something was seriously wrong, as I would assume that the contents of a password-protected information would not be accessible via a text search.

I then tried to open that protected file, and very surprisingly, the file opened without first requesting the password. The problem seemed to be specific to that particular file, as other password-protected files still asked for the password before opening.

After looking around in the LibreOffice forums, I found that others have had similar, but not identical problems which seemed to indicate that the problem was the saving of the file in older Excel formats. I then tried saving the file in ODF format, which required re-entering the password. After this, the file again opens after first requesting the password. So far so good…?

Well, before anyone says that the cause was simply the Excel format, I have a couple of questions:

  1. Why should this problem suddenly appear, after using this file and always saving in .xlsx format for months?
  2. Why is it that this was the only file affected, with other .xlsx files still opening after password request?
  3. This file happens to contain critical security data. How could the password protection in LibreOffice have been circumvented to allow searching within this file?

Thanks in advance for any ideas.

#2

Maybe this Wikipedia article might help Microsoft Office password protection - Wikipedia

#3

It (usually) doesn’t matter, what your file contains. The CV of Mickey Mouse or Donald Duck is protected the same way as your “critical security data”.
.
IMHO the password protection was not circumvented, as you already checked:

So I’d guess the most likely scenario is: The file was saved without protection at the last time…
And obviously: A person, who knows the password can remove it.
.

One point to note is the different between “protection” and “encryption”. Old MS-password protection could indeed be removed, for encrypted files there is no such option (without loosing the files contents).

PS:

If we would know before, we would not need backups. (Or maybe, the persons who knew about the future have already left us to enjoy the fortunes they earned by their knowledge… )
And how do you know, it way suddenly? :wink:

#4

@Wanderer

I wrote “critical security data” to point out how serious the issue appears to me, because it’s just that, not some insignificant correspondence to be kept hidden from my children or your Disney characters.

There’s only one person that’s allowed to do anything about password-protection or even editing of the file, and that’s myself. Others have only read-only access. There is no indication that there was any outside “invasion” of our otherwise well-protected systems. So, unless I should unknowingly suffer from sleep-computing…

Else, if that helps in understanding what in the world might have happened, the file was not — ever — encrypted. Only password-protected. The file always gets saved by using Cmd+S. I somehow doubt that there’s a keyboard command that allows for the removal of protection and that can be activated by mistake (it actually took me a good while to figure out the menu entry where password-protection could be re-instated.) But I’d be happy, or should I say unhappy, to be proved wrong.

About the time frame. Let’s say the “breach” — i.e. the file’s contents being accessible because its password-protection had vanished into thin air — was discovered on, let’s call it day-0. Our backups show that the file that had been accessed, modified and saved on day-2 was breached. The previous backup that had been accessed and modified went back to day-10 and it was not breached. Backups from day-9 to early on day-2 were just clones of the file saved on day-10. In relation to having the file protected for months in LibreOffice and for many years in Excel, I don’t think it’s an exaggeration to use the word “suddenly.”

#5

Do you mean, that there was a way to open that specific file read-ony, as opposed to read-write access requiring the password?

#6

@ mikekaganski :

Yes and no: you always needed the password to open the read-only file too (of course?)

Impressum (Legal Info) | Datenschutzerklärung (Privacy Policy)   Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.