CVE-2017-18021

Name: CVE-2017-18021
Description: It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

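| Source Package | Release | Version | Status |
|---|---|---|---|
| qtpass (PTS) | buster | 1.2.3-2 | fixed |
| qtpass | bullseye | 1.3.2-3 | fixed |
| qtpass | bookworm | 1.3.2-4 | fixed |
| qtpass | sid, trixie | 1.4.0-1 | fixed |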

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| qtpass | source | stretch | 1.1.6-1+deb9u1 | | | |
| qtpass | source | (unstable) | 1.2.1-1 | | | |

Notes

https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.html
https://github.com/IJHack/QtPass/issues/338
