Security Vulnerability Report - qBittorrent UI Lock - Authentication Bypass
Posted: Fri Aug 11, 2017 8:17 am
Hi qBittorrent team,
I would like to report a security vulnerability concerning the qBittorrent product.
Description
The qBittorrent UI Lock functionality was vulnerable to authentication bypass. From the assessment of the product, it was noted that the UI Lock screen functionality is supposed to protect against unauthorised access to qBittorrent product features/functionality. The affected version of the product did not enforce a robust authentication mechanism, thus UI Lock can be bypassed by tampering with a flag in the client-side configuration file.
Impact
From the assessment of the product, it was noted that the UI Lock functionality is supposed to protect against unauthorised access to qBittorrent product features/functionality. However, the broken authentication mechanism may lead to an unauthorised user accessing available functions of the product in an unauthorised manner.
Steps
1. Launch qbittorrent.exe
2. Click the lock icon (Lock qBittorrent) in the upper right-hand corner and input an appropriate password
3. After successfully inputting the password, verify that the software asks for the password when opened through the system tray icon or from the exe file
4. To bypass this password prompt, bring up Windows Task Manager and kill the qbittorrent.exe process
5. Go to Run and type %appdata%. Windows Explorer will be launched
6. Go inside the qBittorrent folder within C:\Users\<username>\Roaming
7. Open the qBittorrent configuration text file and locate the locked attribute within the Locking stanza
8. Change the value of the locked attribute to false
9. Relaunch qbittorrent.exe. Now, the UI Lock authentication is bypassed and the application will be launched without a password prompt.
Affected Product
qBittorrent v3.3.15 for Windows
Risk Rating (CVSS 2)
Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Ref: https://medium.com/@BaYinMin/cve-2017-1 ... 959ff55ada
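A defensive check for the tampering described in the report above, added here as an example (it is not part of the original post and is not qBittorrent code): it compares two snapshots of the configuration file and alerts when the locked flag in the Locking stanza stops being true while the application was not running. The sample file contents, the Preferences/example_option entries and the app_running_between signal are assumptions made for the illustration.

```python
import configparser

# Constructed sample snapshots. Only the "Locking" stanza and its "locked"
# attribute come from the report; everything else is a placeholder.
BASELINE = "[Preferences]\nexample_option=1\n\n[Locking]\nlocked=true\n"
TAMPERED = "[Preferences]\nexample_option=1\n\n[Locking]\nlocked=false\n"


def lock_state(config_text):
    """Return True/False for Locking/locked, or None if absent or unparsable."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case exactly as written in the file
    try:
        parser.read_string(config_text)
    except configparser.Error:
        return None
    if not parser.has_option("Locking", "locked"):
        return None
    value = parser.get("Locking", "locked").strip().lower()
    return {"true": True, "false": False}.get(value)


def check_lock_tamper(baseline_text, current_text, app_running_between):
    """Classify a lock-flag change between two snapshots of the config file.

    app_running_between (assumed signal from process monitoring): True if the
    application ran between the snapshots and could have written the file
    itself after a legitimate unlock.
    """
    if lock_state(baseline_text) is not True:
        return "not-locked-at-baseline"
    if lock_state(current_text) is True:
        return "ok"
    if app_running_between:
        return "changed-while-running"
    # Flag flipped, removed or corrupted while the only legitimate writer
    # was not running: the edit came from outside the application.
    return "alert"


if __name__ == "__main__":
    print(check_lock_tamper(BASELINE, TAMPERED, app_running_between=False))
```

A missing or unparsable locked value is treated the same as false, so deleting the stanza instead of editing it still raises the alert.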