Expert Comment: 14 years of cyberattack exposure - qBittorrent flaw finally fixed

November 2024 by Sylvain Cortes, VP Strategy at Hackuity

A critical security flaw has been identified in qBittorrent, affecting versions 3.2.1 to 5.0.0, that enables remote code execution (RCE) through various methods of exploitation. The vulnerability, present and undetected since April 2010, allows attackers to inject harmful scripts and run arbitrary code on systems using the affected versions. It stems from the software’s indiscriminate acceptance of certificates, including expired, self-signed, or malicious ones, which leaves the door wide open for man-in-the-middle (MITM) attacks. Sylvain Cortes, VP Strategy, Hackuity comments:

“What’s most worrying about this critical qBittorrent vulnerability is the lengthy amount of time that it has gone unnoticed – but not surprising, given that 80% of cyberattacks use a vulnerability published half a decade ago.

Having accepted any form of certificate, whether expired, self-signed, malicious or genuine, the vulnerability puts users at high risk, leaving the door wide open to multiple man-in-the-middle attacks, such as the theft of data or infectious malware.

Users should be particularly vigilant with this one. The advice is simple – prioritise, patch, and fast!”

