CVE-2017-12778 Information

Description

LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks DISPUTED LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\username\Roaming\qBittorrent pathname. The attacker must change the value of the \locked\ attribute to \false\ within the \Locking\ stanza. NOTE: This is an intended behavior. See https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Reference

http://archive.is/eF2GR https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password https://medium.com/@BaYinMin/cve-2017-12778-qbittorrent-ui-lock-authentication-bypass-30959ff55ada

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

NONE

Base Severity

7.1