CVE-2017-12778

HIGH Year: 2017
CVSS v3 Score
7.1
High
CVSS v2 Score
3.6
Low
Weakness Type
CWE-287
View all →

Vulnerability Description

The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\<username>\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza. NOTE: This is an intended behavior. See https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password

Related Vulnerabilities

CVE-2018-1738

HIGH
CVSS:7.1(High)

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM ...

CWE-2872018

CVE-2018-4064

HIGH
CVSS:7.1(High)

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unveri...

CWE-2872018

CVE-2020-10709

HIGH
CVSS:7.1(High)

A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a ...

CWE-2872020

CVE-2021-20593

HIGH
CVSS:7.1(High)

Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3....

CWE-2872021

CVE-2021-36949

HIGH
CVSS:7.1(High)

Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability

CWE-2872021