cbcvebase.
CVE-2017-12778
published 2019-05-09

CVE-2017-12778: The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent…

PriorityP335high7.1CVSS 3.0
AVLACLPRLUINSUCHIHAN
EPSS
0.48%
37.7th percentile
The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza. NOTE: This is an intended behavior. See https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password

Affected

1 ranges
VendorProductVersion rangeFixed in
qbittorrentqbittorrent

CVSS provenance

nvdv3.07.1HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvdv2.03.6LOWAV:L/AC:L/Au:N/C:P/I:P/A:N
osv7.1HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.