CVE-2017-18021

Name: CVE-2017-18021
Description: It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| qtpass (PTS) | stretch | 1.1.6-1+deb9u1 | fixed |
| qtpass | buster | 1.2.3-2 | fixed |
| qtpass | bookworm, sid, bullseye | 1.3.2-3 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| qtpass | source | stretch | 1.1.6-1+deb9u1 | | | |
| qtpass | source | (unstable) | 1.2.1-1 | | | |

Notes

https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.html
https://github.com/IJHack/QtPass/issues/338
