-
ReelFliX : News
Remote Code Execution vulnerability in ALL versions of qBittorrent before 5.0.1
All qBittorrent users are urged to update to 5.0.1, downloading it directly from https://qbittorrent.org (not by using the built-in updater!) due to an RCE bug in all other allowed versions.
Due to a bad choice back in 2010, qBittorrent does not check ANY SSL/TLS certificates. Due to this and other flaws, it opens up a risk of a Man-In-The-Middle attack that is then used as a Remote Code Execution, with either minimal or no user interaction required.
Included in the bad processes are the update check AND download, RSS feeds, favicons, automatic Python download on Windows, and the Maxmind GeoIP database update.
-
Wondering about seedboxes providing 4.3.9 version of qbittorrent for ages and still sticking with the same.
-
I think seedboxes turned automatic into the new interface, https://imgur.com/KVt6cKQ