I'm experiencing similar problem.

Seems to be related to version.

4.6.0-1 default password works
4.6.1-1 default password doesn't work

Running mine with Podman. Deleted the /config -volume between versions.

Using a randomized password for initial login is a truly stupid idea !!!

Why do you set it a way that it requires a random password which is unable to retrieve !?!?

How to trigger password ????? What is the catch ????

@glassez @sledgehammer999 @thalieht @Kolcha

root@Lenovo-ThinkCentre-Edge--DEBIAN-SERVER ~# apt info qbittorrent-nox-qt6
Package: qbittorrent-nox-qt6
Version: 4.6.1+0-0+2.2
Priority: optional
Section: net
Source: qbittorrent
Maintainer: Nick Korotysh <kolchaprogrammer@list.ru>
Installed-Size: 10.3 MB
Depends: libc6 (>= 2.34), libgcc-s1 (>= 3.3), libqt6core6 (>= 6.4.0), libqt6network6 (>= 6.4.0), libqt6sql6 (>= 6.1.2), libqt6xml6 (>= 6.1.2), libssl3 (>= 3.0.0), libstdc++6 (>= 11), libtorrent-rasterbar2.0 (>= 2.0.9+0), zlib1g (>= 1:1.2.0), libqt6sql6-sqlite
Conflicts: qbittorrent-nox
Homepage: https://www.qbittorrent.org/
Download-Size: 6,742 kB
APT-Manual-Installed: yes
APT-Sources: http://download.opensuse.org/repositories/home:/MartinVonReichenberg:/branches:/home:/nikoneko:/test/Debian_12  Packages
Description: bittorrent client based on libtorrent-rasterbar (without X support)
 BitTorrent client written in C++ and based on libtorrent-rasterbar.
 qBittorrent-nox is a version of qBittorrent (Qt6 application) that does not
 require X and can be controlled via a WebUI, thus is more suitable for
 headless servers. It is a feature rich but lightweight client that is very
 similar to rTorrent. Its main features are:
 .
  * Remote control through a Web user interface
  * Vuze-compatible protocol encryption
  * uTorrent-compatible Peer eXchange (PeX)
  * DHT (trackerless) support
  * UPnP / NAT-PMP port forwarding
  * IPv6 compliant
  * Advanced control over torrent content and trackers
  * IP Filtering (eMule / Peer Guardian filters)
  * Torrents queueing and prioritizing
  * Good localization (~25 languages supported)
  * Unicode support

root@Lenovo-ThinkCentre-Edge--DEBIAN-SERVER ~# systemctl status qbittorrent-nox@root.service
● qbittorrent-nox@root.service - qBittorrent-nox service for user root
     Loaded: loaded (/lib/systemd/system/qbittorrent-nox@.service; enabled; preset: enabled)
     Active: active (running) since Sun 2023-11-26 18:32:01 CET; 9min ago
       Docs: man:qbittorrent-nox(1)
   Main PID: 1303 (qbittorrent-nox)
      Tasks: 9 (limit: 4464)
     Memory: 16.7M
        CPU: 1.305s
     CGroup: /system.slice/system-qbittorrent\x2dnox.slice/qbittorrent-nox@root.service
             └─1303 /usr/bin/qbittorrent-nox

Nov 26 18:32:01 Lenovo-ThinkCentre-Edge--DEBIAN-SERVER systemd[1]: Started qbittorrent-nox@root.service - qBittorrent-nox service for user root.

So folks, @1982606762 , @hannut

the only workaround for now is after fresh install of qBittorrent-NOX 4.6.1, make sure the service qbittorrent-nox is disabled and stopped using systemctl.

Run the program from the command line:

root@Lenovo-ThinkCentre-Edge--DEBIAN-SERVER / [3]# qbittorrent-nox

*** Legal Notice ***
qBittorrent is a file sharing program. When you run a torrent, its data will be made available to others by means of upload. Any content you share is your sole responsibility.

No further notices will be issued.

Press 'y' key to accept and continue...
y
WebUI will be started shortly after internal preparations. Please wait...

******** Information ********
To control qBittorrent, access the WebUI at: http://localhost:8080

The WebUI administrator username is: admin
The WebUI administrator password was not set. A temporary password is provided for this session: bXAMr37Sf
You should set your own password in program preferences.

The output of the initial start should give you a login password into the qBittorrent-NOX Web UI.

It is something systemctl status qbittorrent-nox@$USER.service output will not show you:

root@Lenovo-ThinkCentre-Edge--DEBIAN-SERVER /# systemctl status qbittorrent-nox@root.service
● qbittorrent-nox@root.service - qBittorrent-nox service for user root
     Loaded: loaded (/lib/systemd/system/qbittorrent-nox@.service; disabled; preset: enabled)
     Active: active (running) since Sun 2023-11-26 22:53:59 CET; 1s ago
       Docs: man:qbittorrent-nox(1)
   Main PID: 12261 (qbittorrent-nox)
      Tasks: 10 (limit: 4464)
     Memory: 15.5M
        CPU: 283ms
     CGroup: /system.slice/system-qbittorrent\x2dnox.slice/qbittorrent-nox@root.service
             └─12261 /usr/bin/qbittorrent-nox

Nov 26 22:53:59 Lenovo-ThinkCentre-Edge--DEBIAN-SERVER systemd[1]: Started qbittorrent-nox@root.service - qBittorrent-nox service for user root.

Additionally you can use these pre-built packages from my Open Build Service server repository for either Debian or Ubuntu.

Have a lot of fun!

So folks, @1982606762 , @hannut

the only workaround for now is after fresh install of qBittorrent-NOX 4.6.1, make sure the service qbittorrent-nox is disabled and stopped using systemctl.

Run the program from the command line:

root@Lenovo-ThinkCentre-Edge--DEBIAN-SERVER / [3]# qbittorrent-nox

*** Legal Notice ***
qBittorrent is a file sharing program. When you run a torrent, its data will be made available to others by means of upload. Any content you share is your sole responsibility.

No further notices will be issued.

Press 'y' key to accept and continue...
y
WebUI will be started shortly after internal preparations. Please wait...

******** Information ********
To control qBittorrent, access the WebUI at: http://localhost:8080

The WebUI administrator username is: admin
The WebUI administrator password was not set. A temporary password is provided for this session: bXAMr37Sf
You should set your own password in program preferences.

The output of the initial start should give you a login password into the qBittorrent-NOX Web UI.

It is something systemctl status qbittorrent-nox@$USER.service output will not show you:

root@Lenovo-ThinkCentre-Edge--DEBIAN-SERVER /# systemctl status qbittorrent-nox@root.service
● qbittorrent-nox@root.service - qBittorrent-nox service for user root
     Loaded: loaded (/lib/systemd/system/qbittorrent-nox@.service; disabled; preset: enabled)
     Active: active (running) since Sun 2023-11-26 22:53:59 CET; 1s ago
       Docs: man:qbittorrent-nox(1)
   Main PID: 12261 (qbittorrent-nox)
      Tasks: 10 (limit: 4464)
     Memory: 15.5M
        CPU: 283ms
     CGroup: /system.slice/system-qbittorrent\x2dnox.slice/qbittorrent-nox@root.service
             └─12261 /usr/bin/qbittorrent-nox

Nov 26 22:53:59 Lenovo-ThinkCentre-Edge--DEBIAN-SERVER systemd[1]: Started qbittorrent-nox@root.service - qBittorrent-nox service for user root.

Additionally you can use these pre-built packages from my Open Build Service server repository for either Debian or Ubuntu.

Have a lot of fun!

My only problem is that even after a fresh reinstall, I dont get a legal disclaimer or random password, just the address.

Hello,

Most issues related to the initial login into the qBittorrent-NOX have been addressed (in newer stable versions of qBittorrent) and thus this information has become somewhat irrelevant nowadays.
However, if you use the qbittorrent-nox command it should write you the password of admin login with the newly generated randomized password right into the console (terminal).

Or you can use SystemD service using systemctl enable --now qbittorrent-nox@[user].service then systemctl status qbittorrent-nox@[user].service and you should see the password printed there as well.

The password then can be changed at any time inside the qBittorrent-NOX Web UI.

Does this address your current issue?

Unfortunately when I follow those steps, the last line I see is "To control qbittorrent, access the webUI at: http://localhost:8080 but no password, I did see during the initial install the displayed much more info, this is after uninstalling and reinstalling. I may need to reinstall linux =/

Unfortunately when I follow those steps, the last line I see is "To control qbittorrent, access the webUI at: http://localhost:8080 but no password, I did see during the initial install the displayed much more info, this is after uninstalling and reinstalling. I may need to reinstall linux =/

@DeeJaayMac, Do this:

Stop & Disable the SystemD service:
systemctl disable --now qbittorrent@[USER].service

Uninstall qBitTorrent using your package manager ->

Remove any residential files:
rm -vfdr ~/.cache/qBittorrent/ ~/.config/qBittorrent/ ~/.local/share/qBittorrent/

Make sure there are no removable files found:
find "/" | sort | grep -ie "qbittorrent"

Install qBitTorrent again using your package manager ->

Start & re-enable the SystemD service from over again:
systemctl enable --now qbittorrent@[USER].service

The randomized password should be mentioned at the right bottom part of the output text . . .

Can you please explain why you think adding a random password for a home user install that can only be retrieved by digging into logs or running the command as a one off from cli was a good idea?

What exactly are you trying to protect against for home users? Heck I haven't even seen enterprise software that does something this strange.

I am really curious what problem you think you were fixing by doing this.

Unfortunately when I follow those steps, the last line I see is "To control qbittorrent, access the webUI at: http://localhost:8080 but no password, I did see during the initial install the displayed much more info, this is after uninstalling and reinstalling. I may need to reinstall linux =/

@DeeJaayMac, Do this:

Stop & Disable the SystemD service:
systemctl disable --now qbittorrent@[USER].service

Uninstall qBitTorrent using your package manager ->

Remove any residential files:
rm -vfdr ~/.cache/qBittorrent/ ~/.config/qBittorrent/ ~/.local/share/qBittorrent/

Make sure there are no removable files found:
find "/" | sort | grep -ie "qbittorrent"

Install qBitTorrent again using your package manager ->

Start & re-enable the SystemD service from over again:
systemctl enable --now qbittorrent@[USER].service

The randomized password should be mentioned at the right bottom part of the output text . . .

This 99% worked for me, got me what i needed. I don't mind the random password, I know why it's used.

Can you please explain why you think adding a random password for a home user install that can only be retrieved by digging into logs or running the command as a one off from cli was a good idea?

What exactly are you trying to protect against for home users? Heck I haven't even seen enterprise software that does something this strange.

I am really curious what problem you think you were fixing by doing this.

The biggest problem is, once the random password is used and you forget to change it for yourself, the problem with showing another one, as of now, occurs.

Can you please explain why you think adding a random password for a home user install that can only be retrieved by digging into logs or running the command as a one off from cli was a good idea?

What exactly are you trying to protect against for home users? Heck I haven't even seen enterprise software that does something this strange.

I am really curious what problem you think you were fixing by doing this.

I say it is:
„Just another kind of paranoia.“

• Possible RCE being exploited  #18731
• CVE-2023-30801 Base Score: 9.8 CRITICAL
• Lots of real user reports of it being exploited.

Still not enough for you, guys?

• Possible RCE being exploited  #18731
• CVE-2023-30801 Base Score: 9.8 CRITICAL
• Lots of real user reports of it being exploited.

Still not enough for you, guys?

Hell no,
However,
A more convenient solution would be logging in and being prompted to enter a custom password.
After all, it is one's responsibility if anybody gets exploited because of password and if he/she doesn't feel like using any password - it is very likely that the person has nothing to hide X nothing to loose.

Hell no,

Hell yes. The old way was objectively bad. Security > convinience.

A more convenient solution would be logging in and being prompted to enter a custom password.

This could be a further improvement. Although, it should be implemented properly, as a malicious actor still can get there faster than actual user.

It is pretty basic to not expose a new install until you are secure. If people are too lazy/dumb thats on them. You can't fix stupid.

It is not always possible. E.g. you may have the client running on a remote server, and to log in you need to expose it to the web.

I think the main problem here is that we can't set the password outside of the client. Making it possible to set the password via CLI and/or environmant variable could resolve the issue.

Kinda insane this is still an issue...

Even disabling and reinstalling doesn't help:

I resolved by adding to qBittorrent.conf:

[Preferences] WebUI\Password_PBKDF2="@ByteArray(ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtHAjU9b3b7uB8NR1Gur2hmQCvCDpm39Q+PsJRJPaCU51dEiz+dTzh8qbPsL8WkFljQYFQ==)"

After that I can login with admin / adminadmin

Even disabling and reinstalling doesn't help:

Remove any residual files:
rm -vfdr ~/.cache/qBittorrent/ ~/.config/qBittorrent/ ~/.local/share/qBittorrent/

#18686 (comment)

so fking feature for random password for admin !!!

This issue came up on qBittorrent v4.5.2 on Raspberry Pi

@CheaterUA 's workround changed the password to adminadmin and this is shown if I run qbittorrent-nox but that doesn't log in to the UI

commenting out the relevant line in qBittorrent.conf or restarting the service seems to have no effect, shouldn't it generate a randoms password and tell me this in the output of the qbittorrent-nox command?

I feel the webgui should say what is happening and that I should be able to fix it with sudo access

I worry that the password isn't working due to some issue like browser cache and that in fact attackers now can access with adminadmin

EDIT: that last point certainly shouldn't have worked! but it did: Ctrl+F5ing the page didn't make admin / adminadmin work but it did let me log in again as the ordinary user. Hazards of webguis I guess. Be nice if I could create users, and torrents for that matter, in CLI.