EXPLOIT IN UTORRENT?

[cutz]

I got this warning on another torrent site about uTorrent:

Attention uTorrent users: There is an exploit (in all previous versions including uT 2.2.1) with the WebUI. Please disable WebUI on uT until further notice. Details to follow.


Does anyone on here know anything about this? I use 2.2.1 . I'm LOW-tech and have no idea what an exploit is.

Some posted that anyone using this client should get rid of it, because your computer could be attacked.

Like this post:

This is actually a massive security risk; anyone sticking with uTorrent is an idiot. This isn't even the first attack 2.2.1 is vulnerable to, either.
And BitTorrent botched their patch to fix the issue, so even the latest uT beta is still vulnerable. Yikes.

Make the most of these tools -- it's time to ditch uTorrent
As always, create a backup of your session folder before making any changes
Seamless transition from uTorrent to qBittorrent
Seamless transition from uTorrent to Deluge

I'd recommend switching to qBittorrent or Deluge. They are all cross-platform, although unfortunately I don't think either of the transition tools work on macos. Transmission is a good macos client (I wouldn't recommend it be used on Windows) but as far as I know there are no tools available to convert your uTorrent session into something Transmission can use.

I think qBittorrent would be the best choice for most people seeking a uTorrent alternative

[dorrcoq]

Update to the newest version. I've not heard of anyone else having this issue, and there is a large percentage of users here who use uTorrent.

[lpmaskman]

Forget this bloatware. Use Deluge, Transmisson or similar opensource alternatives.

[Hucklive]

more info

https://torrentfreak.com/bittorrent-...bility-180220/

https://bugs.chromium.org/p/project-...detail?id=1524

my 2.2.1 does open port 10000 on 127.0.0.1

i cannot reproduce any of the example calls tho, but maybe i havent tried hard enuf

Any exploit would have to run on the machine that utorrent is running on. Since i run utorrent on a standalone machine with very little use of a browser i suspect i am RELATIVELY secure for now

[cutz]

Got this on Twitter.

This guy is a high tech guy with Google.




Tavis OrmandyTavis Ormandy
Tavis Ormandy
Tavis OrmandyVerified account
@taviso

Tweets
Tweets, current page.
3,069
Following
Following
425
Followers
Followers
84.2K
Likes
Likes
2,509
Follow Follow @taviso
Tavis OrmandyVerified account
@taviso
Vulnerability researcher at Google. This is a personal stream, opinions expressed are mine.
✔
@taviso
I just fixed the exploit and verified it still works. I would recommend asking BitTorrent to resolve this issue if you're affected, and it works in the default configuration so you probably are. Sigh.

4:20 PM - Feb 20, 2018
84
28 people are talking about this

[Homebrew101]

But is he discussing Utorrent or something else referred to as BitTorrent?

Quote:

Originally Posted by cutz

Got this on Twitter.

This guy is a high tech guy with Google.




Tavis OrmandyTavis Ormandy
Tavis Ormandy
Tavis OrmandyVerified account
@taviso

Tweets
Tweets, current page.
3,069
Following
Following
425
Followers
Followers
84.2K
Likes
Likes
2,509
Follow Follow @taviso
Tavis OrmandyVerified account
@taviso
Vulnerability researcher at Google. This is a personal stream, opinions expressed are mine.
✔
@taviso
I just fixed the exploit and verified it still works. I would recommend asking BitTorrent to resolve this issue if you're affected, and it works in the default configuration so you probably are. Sigh.

4:20 PM - Feb 20, 2018
84
28 people are talking about this

[lintoni]

Quote:

Originally Posted by Homebrew101

But is he discussing Utorrent or something else referred to as BitTorrent?

µTorrent is owned and maintained by BitTorrent Inc

[Homebrew101]

Quote:

Originally Posted by lintoni

µTorrent is owned and maintained by BitTorrent Inc

makes sense then, thanks

[cutz]

Instructions for closing the RPC vulnerability:
https://ptpimg.me/w8682p.png

Instructions for disabling WebUI:
https://ptpimg.me/dgydyg.png

After completing these steps, close your client and re-open it. Without restarting uTorrent, you will remain vulnerable.

To verify if you are no longer vulnerable, visit this link http://127.0.0.1:10000/ while uTorrent is running.
If you see a white page that says "invalid request", you are still vulnerable! If you get a browser error page, you're no longer vulnerable

[paddington]

Good info

[JackDog]

Quote:

Originally Posted by cutz

Instructions for disabling WebUI:
https://ptpimg.me/dgydyg.png

Great info, and thank you for the help! I'm using the current version (3.5.1) and to get to WebUI you need to click on the plus sign next to Advanced for it to show up.

[cutz]

Well, i think , from what i'm seeing/reading on another Forum torrent website, those who are using uTorrent(ALL version) should dump it for another Client.








According to taviso (the researcher who discovered the vulnerability), the net.discoverable trick does not prevent the vulnerability: [source) : https://bugs.chromium.org/p/project-...il?id=1524#c13

Instructions for closing port 10000:

https://ptpimg.me/w8682p.png

Instructions for disabling WebUI:
https://ptpimg.me/dgydyg.png

After completing these steps, close your client and re-open it.

According to taviso (the researcher who discovered the vulnerability), the net.discoverable trick does not prevent the vulnerability: [source] : https://bugs.chromium.org/p/project-...il?id=1524#c13