pyrater Posted January 21, 2014

If anyone knows how to fix please let me know, if not be aware. Found a serious bug where anyone could delete my entire library! If you go to http://MYWANIP:32400/web/ you have full admin control over the entire library!!! WITHOUT LOGGING IN!!! This is with the "Require authentication on local networks" option checked in the advanced settings as well. Please tell me that I have something configured wrong and that this isn't a huge security issue waiting for someone with a port scanner to start destroying people's libraries!

https://forums.plex.tv/index.php/topic/95727-serious-security-bug/

Using: PlexMediaServer-0.9.8.18.290-11b7fdd-unRAID.txz

As of right now all I have is port redirection done at the router so at least people cannot mass scan for port 32400 and find my server.

RFehr Posted January 21, 2014

First off, don't use port forwarding to anything that you deem important - regardless of whether the "important" resource is "password protected" or not. Instead, establish a VPN to your home network (SSL or IPSec) and manage LAN resources via the VPN. Much simpler to administer and much more secure. Port forwarding without deep knowledge of the target and ongoing diligence is just a bad idea.

pyrater Posted January 21, 2014

Agreed, kind of makes Plex remote features, aka sharing, worthless though.

Fixed it, leaving the post here in case anyone else has this issue, unless a mod wants me to delete it. Looked into Preferences.xml; there is an option called disableRemoteSecurity="1". Changed it to a 0, rebooted Plex and BOOM, login screen!
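
A check for the setting named in the last post, as an added example that is not part of the original thread or Plex's own tooling: it reads a Preferences.xml and reports the state of disableRemoteSecurity. It assumes the settings are attributes on a single Preferences root element; the sample documents and the FriendlyName value are constructed, and the file path is supplied by the user.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed samples (assumption: settings are attributes on one
# <Preferences/> element; FriendlyName is filler for illustration).
SAMPLE_INSECURE = (b'<?xml version="1.0" encoding="utf-8"?>\n'
                   b'<Preferences FriendlyName="example" disableRemoteSecurity="1"/>')
SAMPLE_FIXED = (b'<?xml version="1.0" encoding="utf-8"?>\n'
                b'<Preferences FriendlyName="example" disableRemoteSecurity="0"/>')
SAMPLE_UNSET = b'<Preferences FriendlyName="example"/>'


def audit_preferences(xml_bytes):
    """Return (status, detail) for the disableRemoteSecurity attribute."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return ("error", f"not well-formed XML: {exc}")
    if root.tag != "Preferences":
        return ("error", f"unexpected root element <{root.tag}>")
    value = root.attrib.get("disableRemoteSecurity")
    if value is None:
        # Absence is reported separately; verify the login prompt by hand.
        return ("unset", "attribute not present; confirm behaviour in the web UI")
    if value.strip() == "1":
        return ("insecure", "remote security disabled; set to 0 and restart Plex")
    if value.strip() == "0":
        return ("ok", "remote security not disabled")
    return ("unknown", f"unrecognised value {value!r}")


def main(argv):
    if len(argv) != 2:
        print("usage: check_plex_prefs.py /path/to/Preferences.xml")
        return 2
    with open(argv[1], "rb") as fh:
        status, detail = audit_preferences(fh.read())
    print(f"{status}: {detail}")
    # Non-zero exit for anything but a confirmed "0", so a cron job notices.
    return 0 if status == "ok" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

After changing the value, load the /web/ address from outside the LAN and confirm the login screen appears, since the file only shows what is configured, not what the running server enforces.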