For interested parties, there is discussion in PR #18735 and in the linked issues inside it.
It is not necessary to merge that specific PR. You can use it as a base for your own implementation.
qBittorrent & operating system versions
qBittorrent: All macOS versions (at least)
OS: macOS
What is the problem?
Microsoft Defender for Endpoint is flagging all versions of qBittorrent as having a 9.8 CVE for having default web credentials rather than any randomization of password.
"All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the external program feature in the web user interface. This was reportedly exploited in the wild in March 2023."
https://nvd.nist.gov/vuln/detail/CVE-2023-30801
Steps to reproduce
None
Additional context
No response
Log(s) & preferences file(s)
No response