zCat on Nostr:
qBittorrent fixes flaw exposing users to MitM attacks for 14 years
qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app.
The flaw, introduced in a commit on April 6, 2010, was eventually fixed in the latest release, version 5.0.1, on October 28, 2024, more than 14 years later.
However, as security researcher Sharp Security highlighted in a blog post, the team fixed a notable flaw without adequately informing the users about it and without assigning a CVE to the problem.
See more: https://www.bleepingcomputer.com/news/security/qbittorrent-fixes-flaw-exposing-users-to-mitm-attacks-for-14-years/

#cybersecurity #torrent
Published at 2024-11-01 08:28:35