Kde: >> Paste Applet Security Vulnerabilities
The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack.
CVSS Score
8.4
EPSS Score
0.001
Published
2020-02-11
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-02-11