Vulnerability Description
It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qtpass | Qtpass | < 1.2.1 |
Related Weaknesses (CWE)
References
- https://github.com/IJHack/QtPass/issues/338ExploitThird Party Advisory
- https://github.com/IJHack/QtPass/releases/tag/v1.2.1Release NotesThird Party Advisory
- https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.htmlPatchThird Party Advisory
- https://qtpass.org/Vendor Advisory
- https://github.com/IJHack/QtPass/issues/338ExploitThird Party Advisory
- https://github.com/IJHack/QtPass/releases/tag/v1.2.1Release NotesThird Party Advisory
- https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.htmlPatchThird Party Advisory
- https://qtpass.org/Vendor Advisory
FAQ
What is CVE-2017-18021?
CVE-2017-18021 is a vulnerability with a CVSS score of 9.8 (CRITICAL). It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.
How severe is CVE-2017-18021?
CVE-2017-18021 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-18021?
Check the references section above for vendor advisories and patch information. Affected products include: Qtpass Qtpass.