CVE-2017-18021 log

Severity High
Remote Yes
Type Private key recovery
It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI. The generator used libc's random(), seeded with srand(msecs), where msecs is not the msecs since 1970 (not that that'd be secure anyway), but rather the msecs since the last second. This means there are only 1000 different sequences of generated passwords.
Group Package Affected Fixed Severity Status Ticket
AVG-576 qtpass 1.2.0-1 1.2.1-1 High Fixed
Date Advisory Group Package Severity Type
11 Jan 2018 ASA-201801-11 AVG-576 qtpass High private key recovery
It is advised to change all your passwords and regenerate them using a secure utility such as pass, or update to the latest version of QtPass and regenerate from there.