PT-2019-7914 · Bittorrent+1 · Qbittorrent+1
Published
2017-09-11
·
Updated
2024-08-05
·
CVE-2017-12778
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
qBittorrent version 3.3.15
Description
The issue concerns the UI Lock feature, which can be bypassed by tampering with the config file. An attacker can gain unauthorized access to qBittorrent functions by modifying the
locked attribute within the Locking stanza in the config file located at C:Users<username>RoamingqBittorrent. However, it is noted that this behavior is intended.Recommendations
For qBittorrent version 3.3.15, consider using alternative security measures, as the UI Lock feature can be bypassed by modifying the config file. Avoid relying solely on the UI Lock feature for security.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Qbittorrent