While LibreOffice supports digital signatures of ODF documents and macros within docs, it tends to present visual aids that alteration of the document never occurred since the last signing and validation of the signature. But, there are some vulnerabilities in how LibreOffice handles the documents, as an Improper Certificate Validation in LibreOffice could allow an attacker to create a digitally signed ODF document.
The attacker could modify a digitally signed ODF document to insert additional signing time timestamp by manipulating the documentsignatures.xml or macrosignatures.xml stream within the doc, which LibreOffice would then present as a valid signature.
How the exploitation of the Flaws could allow an attacker to Manipulate the Timestamp of signed ODF documents?
The exploitation of the flaws, which are three in number, could permit an attacker to alter the contents of a doc or self-sign a document with an unvalid signature, and manipulate the timestamp of signed ODF documents, including altering the contents of a document.
LibreOffice will incorrectly display a valid signature indicator suggesting that the document was not tampered with since the signing, and presents the signature with an unknown algorithm as legitimately issued by a trusted party.
The vulnerabilities could also be weaponized by malicious actors to alter documents, making them appear as if digitally signed by a trusted source.
How to Mitigate against LibreOffice's Digital Signature Spoofing?
The discovery was credited to NDS of Ruhr University Bochum who reported the flaws, and The Document Foundation has promptly issued security fixes for the three vulnerabilities.
The flaws were fixed in LibreOffice versions 7.0.5, 7.0.6, 7.1.1 and 7.1.2. Therefore, it is recommended that users of LibreOffice should update their software to the latest versions.