Techly NewsGet the app

Get the latest tech news

RCE Vulnerability in QBittorrent


In qBittorrent, the DownloadManager class has ignored every SSL certificate validation error that has ever happened, on every platform, for 14 years and 6 months since April 6 2010 with commit 9824d86. The default behaviour changed to verifying on October 12 2024 with commit 3d9e971.

In qBittorrent, the DownloadManager class has ignored every SSL certificate validation error that has ever happened, on every platform, for 14 years and 6 months since April 6 2010 with commit 9824d86. If you are running an installed version of qBittorrent on Windows or Linux and not an `appImage` file, then it will conduct an update check by default on launch, and this entails downloading an RSS feed from a hardcoded URL in the form of an XML document to parse the information about program releases: People dismiss attacks requiring MITM access as theoretical, dangerously forgetting the lessons of recent history, and present realities in non-free countries like China, UAE and Kazakhstan.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of RCE vulnerability

RCE vulnerability

Photo of QBittorrent

QBittorrent

Related news:

News photo

Unauthenticated, RCE vulnerability in Palo Alto firewalls, exploits in the wild

« LA housing authority confirms breach claimed by Cactus ransomware
Show HN: Holos – Configure Helm and Kustomize Holistically with Cue »