CVE-2017-12778

The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\<username>\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza. NOTE: This is an intended behavior. See https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
qbittorrentqbittorrent
3.3.15
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qbittorrent
noble
not-affected
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
not-affected
impish
ignored
hirsute
ignored
groovy
ignored
focal
not-affected
eoan
ignored
disco
ignored
cosmic
ignored
bionic
not-affected
xenial
not-affected
trusty
dne
Common Weakness Enumeration
References
http://archive.is/eF2GR
https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password
https://medium.com/%40BaYinMin/cve-2017-12778-qbittorrent-ui-lock-authentication-bypass-30959ff55ada
http://archive.is/eF2GR
https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password
https://medium.com/%40BaYinMin/cve-2017-12778-qbittorrent-ui-lock-authentication-bypass-30959ff55ada