Project

General

Profile

Bug #2404

Unable to login to Qbittorrent: "Invalid Username or Password."

Added by taa 3 months ago. Updated 3 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Apps
Target version:
Start date:
07/19/2019
Due date:
% Done:

0%


Description

Fresh install of Amahi 11 and Qbittorrent. amahi-app-installer.log doesn't show any errors for the Qbittorrent install. I'm able to get the Qbittorrent login page OK but trying username 'admin' and password 'admin' gives "Invalid Username or Password." User megabitdragon in the IRC suggested username 'admin' and password 'adminadmin' but this didn't work either.

History

#1 Updated by cpg 3 months ago

  • Status changed from New to Feedback
  • Assignee set to taa

In irc, you said there was this error

"WebUI: Referer header & Target origin mismatch!

That's a clear red flag. Plus there is no other clue in the errors you showed.

We have seen services/apps that refuse to work if the origin browser has things that would mess with the referrer.

Could you try another browser with a more mainstream browser?

#2 Updated by taa 3 months ago

I'm using the latest version of Chrome which I thought was considered mainstream but maybe not.

I've now tried the latest versions of Firefox, Opera, Internet Explorer, Edge, as well as the usual Chrome: They all report a new problem, "Your IP address has been banned after too many failed authentication attempts."

#3 Updated by cpg 3 months ago

Oh wow. I did not realize Qbittorrent had so many "controls" against abuse, etc.

It's not really about chrome vs. others. They all respect the referrer header by default. However, some (privacy, typically) extensions do block referrer, etc. (and rightly so in many cases).

However, messing with the referrer in general breaks the monetary system of the internet, so some apps and sites refuse to work without it.

Now, I am not 100% sure that that is the issue, but you can try to uninstall and reinstall the app, then use a browser without any extension.

Also, we recommend switching to Brave or Firefox :-)

#4 Updated by taa 3 months ago

I was able to login using the qbittorrent default username 'admin' and password 'adminadmin' by:

  • editing /home/admin/.config/qBittorrent/qBittorrent.conf and completely removing the line 'WebUI\Password_ha1'
  • then doing: systemctl restart qbittorrent-nox@admin

Tested on Chrome and Firefox.

Next I tried changing the password to be 'admin' as shown in the screen capture above (qbittorrent-credentials.jpg) but when I clicked SAVE I got a popup saying it needed to be at least six characters long.

#5 Updated by bigfoot65 3 months ago

  • Status changed from Feedback to Closed

As per this site:

https://github.com/lgallard/qBittorrent-Controller/wiki/How-to-enable-the-qBittorrent-Web-UI

I removed the password entry in the conf file and changed the password on the app to adminadmin. The password length issue was probably changed at some point and we did not catch it.

Tested and closing bug as resolved.

#6 Updated by taa 3 months ago

Will you be updating the password shown on the apps page (qbittorrent-credentials.jpg)? I just checked and it's showing password 'admin' still.

#7 Updated by cpg 3 months ago

We probably should change it, however, it may not necessarily help.

If the internals of the app are well implemented, passwords are not kept in plaintext mode, but encrypted. Once encrypted, the length does not matter, unless the app checks for password integrity while the user is logging in. Again, if the app is well designed, this should not be done at login time (it gives extra information to a potential attacker, reducing the vectors that they may want to try). If the checking is done in html5 or javascript, then the attacker sees it immediately without even the need to submit.

Anyway, we should change the short default pw and use a default longer one.

#8 Updated by bigfoot65 3 months ago

It was changed on the app page. You won't see the changes until you uninstall, then reinstall.

Also available in: Atom