Security advisory: OAuth1 in QtNetworkAuth

The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG that was seeded with a predictable seed. This issue has been assigned the CVE id CVE-2024-36048.

This means that an attacker that can somehow control the time of the first OAuth1 flow of the process has a high chance of predicting the nonce used in said OAuth flow.

Solution: Apply the corresponding patch for your version or update to Qt 5.15.17, Qt 6.2.13, Qt 6.5.6 or Qt 6.7.1


6.7: or
6.5: or
6.2: or 
5.15: or

Blog Topics: