A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qt | Qt | 5.7.0 (including) | 5.7.1 (including) |
| Qt | Qt | 5.9.0 (including) | 5.9.7 (including) |
| Qt | Qt | 5.10.0 (including) | 5.10.1 (including) |
| Qt | Qt | 5.11.0 (including) | 5.11.3 (excluding) |
| Qt | Qt | 5.8.0 (including) | 5.8.0 (including) |
| Qtvirtualkeyboard-opensource-src | Ubuntu | bionic | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | cosmic | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | disco | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | eoan | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | groovy | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | hirsute | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | impish | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | kinetic | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | lunar | * |
| Qtvirtualkeyboard-opensource-src | Ubuntu | mantic | * |
While logging all information may be helpful during development stages, it is important that logging levels be set appropriately before a product ships so that sensitive user data and system information are not accidentally exposed to potential attackers. Different log files may be produced and stored for: