Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

CVE-2024-36048

High

9.8/10

Summary

"QAbstractOAuth" in Qt Network Authorization in Qt prior to 5.15.17, 6.x prior to 6.2.13, 6.3.x through 6.5.x prior to 6.5.6, and 6.6.x through 6.7.x prior to 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-335 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

The software uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.

References

Advisory
Mail Thread

Advisory Timeline

Published May 18, 2024

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

CVE-2024-36048

Summary

CWE-335 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS