January 21, 201412 yr If anyone knows how to fix please let me know, if not be aware. Found a serious bug where anyone could delete my entire libary! If you goto http://MYWANIP:32400/web/ you have full admin control over the entire library!!! WITHOUT LOGGING IN!!! This is with the "Require authentication on local networks" option check in the advanced setting as well. Please tell me that i have something configured wrong and that this isnt a huge security issue waiting for someone with a port scanner to start destroying peoples librarys! https://forums.plex.tv/index.php/topic/95727-serious-security-bug/ using: PlexMediaServer-0.9.8.18.290-11b7fdd-unRAID.txz as of right now all i have is port redirection done at the router so atleast people cannot mass scan for port 32400 and find my server.
January 21, 201412 yr First off, don't use port forwarding to anything that you deem important - regardless of whether the "important" resource is "password protected" or not. Instead, establish a VPN to your home network (ssl or IPSec) and manage LAN resources via the VPN. Much simpler to administer and much more secure. Port forwarding without deep knowledge of the target and ongoing diligence is just a bad idea.
January 21, 201412 yr Author agreed kind of makes plex remote features aka sharing worthless though. Fixed it, leaving the post here incase anyone else has this issue. Unless a mod wants me to delete it. looked into Preferences.xml there is a option called disableRemoteSecurity="1" changed it to a 0 rebooted plex and BOOM Login screen!
Archived
This topic is now archived and is closed to further replies.