Vulnerability Name: CVE-2017-12778
Assigned: 2017-08-10
Published: 2019-05-09
Updated: 2019-07-02
Summary: ** DISPUTED ** The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows an attacker to gain unauthorized access to qBittorrent functions by tampering with the affected flag value of the config file at the C:\Users\<username>\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza. Note: This is an intended behavior. See https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password.
CVSS v3 Severity: 7.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CVSS v2 Severity: 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N)
Vulnerability Type: CWE-287
References:
  Source: MISC; Type: Exploit, Third Party Advisory; http://archive.is/eF2GR
  Source: MITRE; Type: CNA; CVE-2017-12778
  Source: MISC; Type: UNKNOWN; https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password
  Source: MISC; Type: Exploit, Third Party Advisory; https://medium.com/@BaYinMin/cve-2017-12778-qbittorrent-ui-lock-authentication-bypass-30959ff55ada
Vulnerable Configuration: Configuration 1: