2 matches found
[ASA-201801-11] qtpass: private key recovery
Arch Linux Security Advisory ASA-201801-11 ========================================== Severity: High Date : 2018-01-11 CVE-ID : CVE-2017-18021 Package : qtpass Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-576 Summary ======= The package qtpass before version...
CVE-2017-18021
QtPass before 1.2.1 (QtPass GUI) uses a non-cryptographically secure RNG seeded with srand(msecs) based on the last-second, yielding possibly predictable/enumerable passwords and exposing them to attackers. Impact: passwords generated by the built-in generator may be recovered or enumerated. Reme...