CVE-2017-12778
published 2019-05-09CVE-2017-12778: The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent…
PriorityP335high7.1CVSS 3.0
AVLACLPRLUINSUCHIHAN
EPSS
0.48%
37.7th percentile
The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza. NOTE: This is an intended behavior. See https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qbittorrent | qbittorrent | — | — |
CVSS provenance
nvdv3.07.1HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvdv2.03.6LOWAV:L/AC:L/Au:N/C:P/I:P/A:N
osv7.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4j9x-m99x-9xm4: The UI Lock feature in qBittorrent version 3
ghsa_unreviewed·2022-05-24
CVE-2017-12778 [HIGH] CWE-287 GHSA-4j9x-m99x-9xm4: The UI Lock feature in qBittorrent version 3
The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza.
OSV
CVE-2017-12778: ** DISPUTED ** The UI Lock feature in qBittorrent version 3
osv·2019-05-09·CVSS 7.1
CVE-2017-12778 [HIGH] CVE-2017-12778: ** DISPUTED ** The UI Lock feature in qBittorrent version 3
** DISPUTED ** The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza. NOTE: This is an intended behavior. See https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://archive.is/eF2GRhttps://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-passwordhttps://medium.com/%40BaYinMin/cve-2017-12778-qbittorrent-ui-lock-authentication-bypass-30959ff55adahttp://archive.is/eF2GRhttps://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-passwordhttps://medium.com/%40BaYinMin/cve-2017-12778-qbittorrent-ui-lock-authentication-bypass-30959ff55ada
2019-05-09
Published