Security advisory: OAuth1 in QtNetworkAuth

The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG that was seeded with a predictable seed. This issue has been assigned the CVE id CVE-2024-36048.

This means that an attacker that can somehow control the time of the first OAuth1 flow of the process has a high chance of predicting the nonce used in said OAuth flow.

Solution: Apply the corresponding patch for your version or update to Qt 5.15.17, Qt 6.2.13, Qt 6.5.6 or Qt 6.7.1

Patches:

dev: https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317
6.7: https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560727 or https://download.qt.io/official_releases/qt/6.7/CVE-2024-36048-qtnetworkauth-6.7.diff
6.6: https://download.qt.io/official_releases/qt/6.6/CVE-2024-36048-qtnetworkauth-6.6.diff
6.5: https://codereview.qt-project.org/c/qt/tqtc-qtnetworkauth/+/560726 or https://download.qt.io/official_releases/qt/6.5/CVE-2024-36048-qtnetworkauth-6.5.diff
6.2: https://codereview.qt-project.org/c/qt/tqtc-qtnetworkauth/+/560420 or https://download.qt.io/archive/qt/6.2/CVE-2024-36048-qtnetworkauth-6.2.diff 
5.15: https://codereview.qt-project.org/c/qt/tqtc-qtnetworkauth/+/560725 or https://download.qt.io/official_releases/qt/5.15/CVE-2024-36048-qtnetworkauth-5.15.diff