Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 22 Jan 2018 14:32:52 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 225379] sysutils/qtpass: Update to 1.2.1
Message-ID:  <bug-225379-13-I1G47abjSx@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-225379-13@https.bugs.freebsd.org/bugzilla/>
References:  <bug-225379-13@https.bugs.freebsd.org/bugzilla/>

next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D225379

--- Comment #1 from Anne Jan Brouwer <brouwer@annejan.com> ---
The way QtPass prior to 1.2.1 generates passwords is insecure.
---

All passwords generated with QtPass's built-in password generator are possi=
bly
predictable and enumerable by hackers. The generator used libc's random(),
seeded with srand(msecs), where msecs is not the msecs since 1970 (not that
that'd be secure anyway), but rather the msecs since the last second.
This means there are only 1000 different sequences of generated passwords.

All passwords that have been generated with QtPass prior to 1.2.1 should be
regenerated and changed.

* Insecure password generation #338 #342
* Version 1.2.0 leaks passwords #334
* When importing settings from 1.1.5 or older clipboard settings revert to =
No
Clipboard #232
* Add Catalan translation #336 (rbuj)

--=20
You are receiving this mail because:
You are the assignee for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-225379-13-I1G47abjSx>