search

qbittorrent / qBittorrent

qBittorrent BitTorrent client
https://www.qbittorrent.org
Other
28.39k stars 3.99k forks source link

I have trouble to login with default user and password. admin /adminadmin. I have latest ver installed on truenas scale. #19998

Closed Papalardi closed 12 months ago

Papalardi commented 12 months ago

I have trouble to login with default user and password. admin /adminadmin. I have latest ver installed on truenas scale.

Originally posted by @Papalardi in https://github.com/qbittorrent/qBittorrent/discussions/19996

glassez commented 12 months ago

I have trouble to login with default user and password. admin /adminadmin. I have latest ver installed on truenas scale.

https://www.qbittorrent.org/news There are no default credentials anymore.

Papalardi commented 12 months ago

there is no pass in qBittorrent.conf.

Papalardi commented 12 months ago

"Those will not be accepted now and qBittorrent will generate a random password and output it in the console for you to use." is this referring to " qBittorrent.conf " ?

xanadu35 commented 12 months ago

Hey devs, can you please stop fuckin my NAS on every big updates please ? and provide us a way to reset the password or the conf key to remove password protection ? Thank you for the good work.

odaty commented 12 months ago

The randomly generated code is letting me login is it still admin plus that password?

Papalardi commented 12 months ago

The randomly generated code is letting me login is it still admin plus that password?

Did you find the pass?

xanadu35 commented 12 months ago

Ok as a workaround I downgraded to 4.6.0, setted a new password then updated back to 4.6.1.

LoweredHippo commented 12 months ago

what if the console doesnt show a password? tried reinstalling but didnt work

Papalardi commented 12 months ago

Ok as a workaround I downgraded to 4.6.0, setted a new password then updated back to 4.6.1.

Only 4.6.1 is available on truenas scale.

dreadfulangry commented 12 months ago

https://github.com/linuxserver/docker-qbittorrent/issues/268#issuecomment-1820933356

Make this change, it will let you login using your default credentials so you can update to a new set.

Dev team - love you but please consider many of us use APIs via docker to interact with our clients and the bridge NAT will lock us out persistently with such a change if we are running Watchtower..

Roxedus commented 12 months ago

Crazy to blame app devs for a users bad update practices

sledgehammer999 commented 12 months ago

Hey devs, can you please stop fuckin my NAS on every big updates please ? and provide us a way to reset the password or the conf key to remove password protection ?

Why do you run your NAS with default credentials?

sledgehammer999 commented 12 months ago

Duplicate of #19984

sledgehammer999 commented 12 months ago
  1. Read the News section on our site. It specifically tells you how to get the temporary password.
  2. Currently there is a bug if you're running docker. We are aware of this and will post a fix.
  3. For the time being downgrade to 4.6.0. Set a new password and upgrade to 4.6.1 again.
  4. Follow progress on #19984
glassez commented 12 months ago

As far as I remember, the announcement that the default credentials will soon become invalid was officially made even before the release of v4.6.0.

xanadu35 commented 12 months ago

Hey devs, can you please stop fuckin my NAS on every big updates please ? and provide us a way to reset the password or the conf key to remove password protection ?

Why do you run your NAS with default credentials?

because I'm on secured unreachable network and I don't need application security for my context but yes it's a bad behavior

xanadu35 commented 12 months ago

Crazy to blame app devs for a users bad update practices

devs don't have to judge users practices, but have to think about how change will impact users, specially when you change application behavior even if it's for users sake.

xanadu35 commented 12 months ago

linuxserver/docker-qbittorrent#268 (comment)

Make this change, it will let you login using your default credentials so you can update to a new set.

Dev team - love you but please consider many of us use APIs via docker to interact with our clients and the bridge NAT will lock us out persistently with such a change if we are running Watchtower..

same with shepherd :)

xanadu35 commented 12 months ago

As far as I remember, the announcement that the default credentials will soon become invalid was officially made even before the release of v4.6.0.

people managing their plateforms with auto container updates services (Watchtower, Shepherd) don't read the announcement because they don't even know when there is an update. It's not a very good practice to auto updates without reading announcement for sure, but everything is trending more and more to automation sadly. (forgive my english, auto-corrector not installed for this language)

glassez commented 12 months ago

people managing their plateforms with auto container updates services (Watchtower, Shepherd) don't read the announcement because they don't even know when there is an update.

Then it should be the responsibility of these services (their developers). Surely we couldn't leave the security problem open just because fixing it might cause some inconvenience to users?

xanadu35 commented 12 months ago

people managing their plateforms with auto container updates services (Watchtower, Shepherd) don't read the announcement because they don't even know when there is an update.

Then it should be the responsibility of these services (their developers). Surely we couldn't leave the security problem open just because fixing it might cause some inconvenience to users?

and you're totaly true on that point, it's just tools or migration procedures should have been prepared to help with issues, like idk "reset password functionality" or "conf key" to set-up, even if it's nearly impossible to guess all possible usecases as users behaviors are unpredictable, I know. Thanks a lot for your hard work and for being reactive.

sledgehammer999 commented 12 months ago

because I'm on secured unreachable network and I don't need application security for my context but yes it's a bad behavior

Then consider setting up IP subnet whitelisting and enabling Bypass authentication for clients in whitelisted IP subnets in the WebUI settings.

xanadu35 commented 11 months ago

because I'm on secured unreachable network and I don't need application security for my context but yes it's a bad behavior

Then consider setting up IP subnet whitelisting and enabling Bypass authentication for clients in whitelisted IP subnets in the WebUI settings.

It's a really good idea but tbh I'm not really confident with IPv6 subnets atm... neither confident with docker networks at all ! -_-'

Holz167 commented 2 months ago

Ok erm, so where is the password stored please?

thalieht commented 2 months ago

Ok erm, so where is the password stored please?

Config file but its encrypted:

[Preferences]
WebUI\Password_PBKDF2=

You can also do this https://github.com/qbittorrent/qBittorrent/issues/20533#issuecomment-1988178203 or this https://github.com/qbittorrent/qBittorrent/issues/19998#issuecomment-1824458887 Something like:

[Preferences]
WebUI\AuthSubnetWhitelist=192.168.1.0/24