A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
Weakness
The product writes sensitive information to a log file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qt | Qt | 5.7.0 (including) | 5.7.1 (including) |
| Qt | Qt | 5.9.0 (including) | 5.9.7 (including) |
| Qt | Qt | 5.10.0 (including) | 5.10.1 (including) |
| Qt | Qt | 5.11.0 (including) | 5.11.3 (excluding) |
| Qt | Qt | 5.8.0 (including) | 5.8.0 (including) |
| Qtvirtualkeyboard-opensource-src | Ubuntu | bionic | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | cosmic | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | disco | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | eoan | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | focal | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | groovy | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | hirsute | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | impish | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | kinetic | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | lunar | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | mantic | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | oracular | * |
Potential Mitigations
Related Attack Patterns
References
- http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html
- https://codereview.qt-project.org/#/c/243666/
- https://codereview.qt-project.org/#/c/244569/
- https://codereview.qt-project.org/#/c/244687/
- https://codereview.qt-project.org/#/c/244845/
- https://codereview.qt-project.org/#/c/245283/
- https://codereview.qt-project.org/#/c/245293/
- https://codereview.qt-project.org/#/c/245312/
- https://codereview.qt-project.org/#/c/245638/
- https://codereview.qt-project.org/#/c/245640/
- https://codereview.qt-project.org/#/c/246630/
- http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html
- https://codereview.qt-project.org/#/c/243666/
- https://codereview.qt-project.org/#/c/244569/
- https://codereview.qt-project.org/#/c/244687/
- https://codereview.qt-project.org/#/c/244845/
- https://codereview.qt-project.org/#/c/245283/
- https://codereview.qt-project.org/#/c/245293/
- https://codereview.qt-project.org/#/c/245312/
- https://codereview.qt-project.org/#/c/245638/
- https://codereview.qt-project.org/#/c/245640/
- https://codereview.qt-project.org/#/c/246630/