Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Plex: Serious Security Bug

Featured Replies

If anyone knows how to fix please let me know, if not be aware.

 

 

Found a serious bug where anyone could delete my entire libary! If you
goto http://MYWANIP:32400/web/ you have full admin control over the
entire library!!! WITHOUT LOGGING IN!!! This is with the "Require
authentication on local networks" option check in the advanced setting
as well.

Please tell me that i have something configured wrong and that this
isnt a huge security issue waiting for someone with a port scanner to
start destroying peoples librarys!

https://forums.plex.tv/index.php/topic/95727-serious-security-bug/

 

using: PlexMediaServer-0.9.8.18.290-11b7fdd-unRAID.txz

as of right now all i have is port redirection done at the router so atleast people cannot mass scan for port 32400 and find my server.

First off, don't use port forwarding to anything that you deem important - regardless of whether the "important" resource is "password protected" or not.  Instead, establish a VPN to your home network (ssl or IPSec) and manage LAN resources via the VPN.  Much simpler to administer and much more secure.

 

Port forwarding without deep knowledge of the target and ongoing diligence is just a bad idea.

 

 

 

 

  • Author

agreed kind of makes plex remote features aka sharing worthless though.

 

Fixed it, leaving the post here incase anyone else has this issue. Unless a mod wants me to delete it.

 

looked into Preferences.xml there is a option called disableRemoteSecurity="1"  changed it to a 0 rebooted plex and BOOM Login screen!

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.