Home > Vulnerability Database > CVE-2017-12778

Mend.io Vulnerability Database

CVE-2017-12778

Date: May 9, 2019

The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\<username>\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza. NOTE: This is an intended behavior. See https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password

Severity Score

7.1

Related Resources (5)

Url: https://medium.com/%40BaYinMin/cve-2017-12778-qbittorrent-ui-lock-authentication-bypass-30959ff55ada

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-12778

Url: http://archive.is/eF2GR

Url: https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password

Url: https://www.mend.io/vulnerability-database/CVE-2017-12778

Severity Score

7.1

Weakness Type (CWE)

Authentication Issues

CWE-287

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	3.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-12778

Date: May 9, 2019

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?