CVE-2017-18021
CRITICAL
qtpass < 1.2.1 - Use of Cryptographically Weak Pseudo-Random Number Generator in Password Generator
Title source: llm
Description
It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.
References (4)
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/IJHack/QtPass/releases/tag/v1.2.1
Vendor Advisory x_refsource_misc
https://qtpass.org/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/IJHack/QtPass/issues/338
Patch, Third Party Advisory x_refsource_misc
https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.html
Scores
CVSS v3
9.8
EPSS
0.0241
EPSS Percentile
81.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-338
Status
published
Products (1)
qtpass/qtpass
< 1.2.1
Published
Jan 05, 2018
Tracked Since
Feb 18, 2026