FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

QtNetworkAuth -- predictable seeding of PRNG in QAbstractOAuth

Affected packages
qt5-networkauth < 5.15.13_1
qt6-networkauth < 6.7.1


VuXML ID f5fa174d-19de-11ef-83d8-4ccc6adda413
Discovery 2024-05-08
Entry 2024-05-24

Andy Shaw reports:

The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG that was seeded with a predictable seed.

This means that an attacker that can somehow control the time of the first OAuth1 flow of the process has a high chance of predicting the nonce used in said OAuth flow.


CVE Name CVE-2024-36048
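
The failure mode the report describes, as an added C++ example (not code from QtNetworkAuth or from this advisory): a nonce drawn from an engine seeded with one guessable value is fully determined by that value, while a nonce drawn from the operating system's entropy source is not. The function names, alphabet, nonce length and sample timestamp are assumptions made for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <random>
#include <string>

// Nonce alphabet (constructed for this example).
static const std::string kAlphabet =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

// Weak pattern: the engine's entire state derives from a single value such as
// a timestamp, so the nonce is a pure function of that value. std::mt19937
// also takes a 32-bit seed, so a 64-bit timestamp is truncated and the seed
// space can never exceed 2^32 values.
std::string nonce_from_seed(std::uint64_t seed, std::size_t len) {
    std::mt19937 engine(static_cast<std::mt19937::result_type>(seed));
    std::string out;
    for (std::size_t i = 0; i < len; ++i)
        out += kAlphabet[engine() % kAlphabet.size()];
    return out;
}

// Hardened pattern: every character comes from the OS entropy source, so no
// process-local value (start time, PID, counter) determines the result.
// Assumption: std::random_device is backed by the OS CSPRNG on this platform.
std::string nonce_from_os(std::size_t len) {
    std::random_device rd;
    std::uniform_int_distribution<std::size_t> pick(0, kAlphabet.size() - 1);
    std::string out;
    for (std::size_t i = 0; i < len; ++i)
        out += kAlphabet[pick(rd)];
    return out;
}

int main() {
    const std::uint64_t t = 1715126400000ULL;  // constructed sample timestamp (ms)
    // Two "processes" that start at the same instant produce the same nonce.
    std::cout << "seeded, run 1: " << nonce_from_seed(t, 16) << "\n";
    std::cout << "seeded, run 2: " << nonce_from_seed(t, 16) << "\n";
    // The OS-backed generator gives unrelated values on every call.
    std::cout << "os,     run 1: " << nonce_from_os(16) << "\n";
    std::cout << "os,     run 2: " << nonce_from_os(16) << "\n";
    return 0;
}
```

A code review or static check for this class of bug can look for PRNG engines constructed from clock values, PIDs or constants anywhere a nonce, token or state parameter is generated.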