Security advisory: OAuth1 in QtNetworkAuth

The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG that was seeded with a predictable seed. This issue has been assigned the CVE id CVE-2024-36048.

This means that an attacker who can somehow control the time of the first OAuth1 flow of the process has a high chance of predicting the nonce used in said OAuth flow.

Solution: Apply the corresponding patch for your version or update to Qt 5.15.17, Qt 6.2.13, Qt 6.5.6 or Qt 6.7.1.

Patches: dev: 6.7: or 6.6: 6.5: or 6.2: or 5.15: or…
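The weakness class described above, next to a hardened form, as an added example in plain standard C++ (not QtNetworkAuth's code and not the content of the patches). It assumes a time-derived seed, which the advisory's wording suggests but does not spell out; `weak_nonce`, `strong_nonce`, the alphabet and the sample seed are constructed for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <random>
#include <string>

// Constructed alphabet for this example; not taken from QtNetworkAuth.
static const std::string kAlphabet =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

// Weak pattern: a general-purpose PRNG seeded from a guessable value.
// The nonce is a pure function of the seed, so anyone who knows or can
// narrow down the seed (assumed here: a timestamp) gets the same nonce.
std::string weak_nonce(std::uint64_t seed, std::size_t len) {
    std::mt19937 engine(static_cast<std::mt19937::result_type>(seed));
    std::string out;
    for (std::size_t i = 0; i < len; ++i)
        out += kAlphabet[engine() % kAlphabet.size()];
    return out;
}

// Hardened pattern: every character comes from the platform's entropy
// source, so there is no seed to guess. In Qt code the equivalent source
// is QRandomGenerator::system(). Note that the C++ standard allows
// std::random_device to be deterministic on platforms without an entropy
// source; check your toolchain before relying on it.
std::string strong_nonce(std::size_t len) {
    std::random_device rd;
    std::uniform_int_distribution<std::size_t> pick(0, kAlphabet.size() - 1);
    std::string out;
    for (std::size_t i = 0; i < len; ++i)
        out += kAlphabet[pick(rd)];
    return out;
}

int main() {
    const std::uint64_t start_ms = 1716000000000ULL;  // constructed timestamp
    // Two "processes" started at the same instant produce the same nonce.
    std::cout << "weak A:   " << weak_nonce(start_ms, 16) << "\n";
    std::cout << "weak B:   " << weak_nonce(start_ms, 16) << "\n";
    // OS-sourced nonces differ on every call regardless of start time.
    std::cout << "strong A: " << strong_nonce(16) << "\n";
    std::cout << "strong B: " << strong_nonce(16) << "\n";
    return 0;
}
```
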
