Details
-
Bug
-
Resolution: Done
-
P2: Important
-
Qt Creator 3.2.2
-
None
-
62a83f911365eab71e7260484517ef6c739d5192
Description
The ssh client in qt creator does not check the fingerprint of the remote device, leading to a trivial man in the middle attack.
This is a security bug, which will likely require a CVE assigned.
This affects all versions.
Attachments
For Gerrit Dashboard: QTCREATORBUG-13339 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
99684,8 | SSH: implement host key checking. | master | qt-creator/qt-creator | Status: MERGED | +2 | 0 |