Andy Shaw reports:
The OAuth1 implementation in QtNetworkAuth created nonces using
a PRNG that was seeded with a predictable seed.
This means that an attacker that can somehow control the time of
the first OAuth1 flow of the process has a high chance of predicting
the nonce used in said OAuth flow.

| OS | OS version | Architecture | Package | Package version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | qt5-networkauth | < 5.15.13_1 | UNKNOWN |
| FreeBSD | any | noarch | qt6-networkauth | < 6.7.1 | UNKNOWN |
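
The flaw class described in the report, as an added example that is not QtNetworkAuth's code: a nonce drawn from a time-seeded PRNG can be regenerated by anyone who knows the seed time, while one drawn from the OS entropy source cannot. The use of `std::mt19937`, the alphabet, the function names and the sample timestamps are all assumptions made for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <random>
#include <string>

// Alphabet for nonce characters (constructed for this example).
static const char kAlphabet[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
static const std::size_t kAlphabetLen = sizeof(kAlphabet) - 1;

// Weak pattern: the generator state is fully determined by the seed, so the
// nonce is a pure function of the time at which the PRNG was seeded.
std::string weak_nonce(std::uint32_t seed_time, std::size_t len) {
    std::mt19937 prng(seed_time);
    std::string out;
    for (std::size_t i = 0; i < len; ++i)
        out += kAlphabet[prng() % kAlphabetLen];
    return out;
}

// Hardened pattern: every character comes from the OS entropy source;
// uniform_int_distribution avoids modulo bias.
std::string strong_nonce(std::size_t len) {
    std::random_device rd;
    std::uniform_int_distribution<std::size_t> pick(0, kAlphabetLen - 1);
    std::string out;
    for (std::size_t i = 0; i < len; ++i)
        out += kAlphabet[pick(rd)];
    return out;
}

// Audit helper: true if `observed` can be regenerated from a timestamp within
// +/- window seconds of `around`, i.e. the nonce carries no secret entropy.
bool reproducible_from_time(const std::string& observed,
                            std::uint32_t around, std::uint32_t window) {
    std::uint64_t lo = around > window ? around - window : 0;
    std::uint64_t hi = std::uint64_t(around) + window;
    for (std::uint64_t t = lo; t <= hi; ++t)
        if (weak_nonce(static_cast<std::uint32_t>(t), observed.size()) == observed)
            return true;
    return false;
}

int main() {
    const std::uint32_t start = 1700000042u;  // constructed process start time
    std::cout << "weak:   " << weak_nonce(start, 16) << " reproducible="
              << reproducible_from_time(weak_nonce(start, 16), 1700000000u, 60) << "\n";
    const std::string s = strong_nonce(16);
    std::cout << "strong: " << s << " reproducible="
              << reproducible_from_time(s, 1700000000u, 60) << "\n";
}
```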