CVE-2017-12778

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-12778
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12778.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-12778
Published
2019-05-09T17:29:00.250Z
Modified
2026-03-14T09:24:29.502062Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users<username>\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza. NOTE: This is an intended behavior. See https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password

References

Affected packages

Git / github.com/qbittorrent/qbittorrent

Affected ranges

Type
GIT
Repo
https://github.com/qbittorrent/qbittorrent
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
256211c16a3cd7fc7eda49066a17242d102d8287
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.3.15"
        }
    ]
}

Affected versions

release-2.*
release-2.9.0
release-3.*
release-3.0.0
release-3.3.0
release-3.3.1
release-3.3.10
release-3.3.11
release-3.3.12
release-3.3.13
release-3.3.14
release-3.3.15
release-3.3.2
release-3.3.3
release-3.3.4
release-3.3.5
release-3.3.6
release-3.3.7
release-3.3.8
release-3.3.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12778.json"