All qBittorrent users are urged to update to 5.0.1, downloading it directly from https://qbittorrent.org (not by using the built-in updater!) due to a RCE bug in all other allowed versions.
Due to a bad choice back in 2010, qBittorrent does not check ANY SSL/TLS certificates. Due to this and other flaws, it opens up a risk of a Man-In-The-Middle attack that is then used as a Remote Code Execution, with either minimal or no user interaction required.
Included in the bad processes are the update check AND download, RSS feeds, favicons, automatic Python download on Windows, and the Maxmind GeoIP database update.
More details from the released information here: https://sharpsec.run/rce-vulnerability-in-qbittorrent/
Update native qBittorent to 5.0.1 version please.
Remote Code Execution vulnerability in ALL versions of qBittorrent before 5.0.1
Re: Remote Code Execution vulnerability in ALL versions of qBittorrent before 5.0.1
Thank you for the reminder and we will continue to monitor and discuss plans.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
