Flagged CVE for qbittorrent from (at least) Microsoft Defender #19738
Comments
|
For interest parties there is discussion in PR #18735 and to the linked issues inside it. |
sledgehammer999
added
Security
|
Addressed with #19777 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
qBittorrent & operating system versions
qBittorrent: All macOS versions (at least)
OS: macOS
What is the problem?
Microsoft Defender for Endpoint is flagging all versions of qBittorrent as having a 9.8 CVE for having default web credentials rather than any randomization of password.
"All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the external program feature in the web user interface. This was reportedly exploited in the wild in March 2023."
https://nvd.nist.gov/vuln/detail/CVE-2023-30801
Steps to reproduce
None
Additional context
No response
Log(s) & preferences file(s)
No response
The text was updated successfully, but these errors were encountered: