Oddbean new post about | logout
 qBittorrent fixes flaw exposing users to MitM attacks for 14 years

qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app.

The flaw, introduced in a commit on April 6, 2010, was eventually fixed in the latest release, version 5.0.1, on October 28, 2024, more than 14 years later.

However, as security researcher Sharp Security highlighted in a blog post, the team fixed a notable flaw without adequately informing the users about it and without assigning a CVE to the problem.

See more: https://www.bleepingcomputer.com/news/security/qbittorrent-fixes-flaw-exposing-users-to-mitm-attacks-for-14-years/

#cybersecurity #torrent