Vigil@nce - Qt Creator: missing SSH public key validation
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can intercept communications between Qt Creator and
its controlled devices, in order to get the privileges of the
authorized user.
Impacted products: Windows (platform), Unix (platform)
Severity: 2/4
Creation date: 07/11/2014
DESCRIPTION OF THE VULNERABILITY
The Qt Creator product may be used to control mobile devices,
including through a network.
In the network case, Qt Creator uses SSH. However, it does not
check the public key of the SSH server of the device. So an
attacker installed as a proxy (man in the middle) can read and
modify exchanged data in the same way as if SSH were not used.
This is similar to the vulnerabilities where an X.509 certificate
is not fully validated for SSL connections.
An attacker can therefore intercept communications between Qt
Creator and its controlled devices, in order to get the privileges
of the authorized user.
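The check whose absence is described above, as an added example (not Qt Creator's code and not part of the original bulletin): an SSH client compares the public key the server presents against a pinned known_hosts entry before it authenticates. The address 192.0.2.10, the key bytes and all function names are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def load_known_hosts(text: str) -> dict:
    """Parse plain 'host[,host] keytype base64' lines into {host: {blob, ...}}.
    Comment, marker (@...) and hashed (|1|...) entries are skipped here."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        for host in fields[0].split(","):
            pinned.setdefault(host, set()).add(base64.b64decode(fields[2]))
    return pinned


def check_host_key(pinned: dict, host: str, presented: bytes) -> str:
    """Classify the key the server presented during key exchange."""
    if host not in pinned:
        return "unknown"    # never seen: ask the user, showing fingerprint(presented)
    if presented in pinned[host]:
        return "match"      # same key as pinned: safe to authenticate
    return "mismatch"       # different key: abort before sending credentials


# Constructed sample data (not real keys): the device's key and a proxy's key.
DEVICE_KEY = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
PROXY_KEY = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32, 64)))
KNOWN_HOSTS = ("# constructed entry\n192.0.2.10 ssh-ed25519 "
               + base64.b64encode(DEVICE_KEY).decode() + "\n")
PINNED = load_known_hosts(KNOWN_HOSTS)

if __name__ == "__main__":
    for host, key in [("192.0.2.10", DEVICE_KEY), ("192.0.2.10", PROXY_KEY),
                      ("192.0.2.99", DEVICE_KEY)]:
        print(host, fingerprint(key), check_host_key(PINNED, host, key))
```

A client that skips this step treats all three outcomes as "match", which is the behaviour the bulletin describes.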
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Qt-Creator-missing-SSH-public-key-validation-15609