Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CVE-2017-18021

High

9.8/10

Summary

It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

References

Advisory Timeline

Published Jan 05, 2018

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CVE-2017-18021

Summary

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS