Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

Classix: News


Len

Recommended Posts

The BitTorrent Engineering Blog

Notes from the front lines of BitTorrent innovation

HTTP/RPC Security Vulnerabilities Resolved in uTorrent, BitTorrent and uTorrent Web.

A fix for multiple vulnerabilities affecting all uTorrent, BitTorrent and uTorrent Web Windows users is now available for immediate download at the links below. We must stress that while this is a vulnerability that can be exploited to trigger unauthorized downloads to take place, BitTorrent Inc. is not aware of any incidents related to these vulnerabilities. As always, we highly encourage all of our customers to stay up to date. Android and Mac users are not affected by the reported vulnerabilities.

Download the latest builds:

uTorrent Stable 3.5.3.44358
Bittorrent Stable 7.10.3.44359
uTorrent Beta 3.5.3.44352
uTorrent Web 0.12.0.502

The team began rolling out the update to beta uTorrent Windows users via the auto update mechanism on Feb 16, 2018. As of today, Feb 22, 2018, the rollout for beta users has concluded and the stable rollout has started. Included in the latest builds are fixes to the way uTorrent and uTorrent Web authenticate WebUI requests and generate session and authentication tokens. In addition to this, the updates clamp down on guest account access limits and enforce more checks on potentially malicious HTTP headers sent to the client.

Customers and developers of 3rd-party applications that rely on the default-open state of port 10000 should be aware that moving forward, clients will no longer be discoverable over port 10000. Pairing negotiation is now only allowed over a mutually agreed upon port. Customers can set this port manually by enabling WebUI functionality via Advanced->WebUI-> Enable Web UI and then specifying a port under the Connectivity section.


WebUISettings


uTorrent 3.5.3 For Windows (build 44358)

February 22, 2018

– Use proper device pairing password when updating device info graphic
– Point Remote “Learn More” link to better URL
– Disable localhost/search lookup when making searches. Do not rely on the localhost port-10k discoverability
– Use a CRNG as a WebUI token source
– Require device/service pairing or standard webui authentication for the /proxy endpoint
– Sanity check Host header on HTTP requests
– Remove automatic discoverability feature over port 10000. The setting net.discoverable no longer exists.
– WebUI action getsettings is only allowed for fully authenticated user (not guest)
– Fix crash when sending malformed requests to /fileserve
– Fix forced re-install mode when same version is already installed
– Set uninstaller prompt dialog title
– Remove Nexway cart URLs
– License key information is no longer exposed via WebUI

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Check out what our members are saying

  • Our picks

×
×
  • Create New...