CVE-2017-18021 Information
Feb 14, 2021
cve
Description
It was discovered that QtPass before 1.2.1 when using the built-in password generator generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://github.com/IJHack/QtPass/issues/338 https://github.com/IJHack/QtPass/releases/tag/v1.2.1 https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.html https://qtpass.org/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: