Search the Community

An advice and request: Kindly send email notifications, at least to paid/premium customers if such event happen in future. This may help increase your revenue stream as well.

Hello, I want to notify you that for the moment my Windows operating system server was not affected by the vulnerability, everything works normally. Since I became aware of the serious problem with the vulnerability, I have adopted some measures, first I eliminated all the users who had privileges to administer the server and I created new users to transmit local and remote streaming without a password but without no privilege to manage my server, at the same time I also created a new user with administrator privileges to exclusively manage the server but never use it to stream on the local network, nor remote streaming. Also, for the new exclusive user to administer the server, I configured the option to not allow remote connections to that user, so that user is only accessible from the computer where the server is installed. For all this that I am explaining to you, I ask you if it is safe for me to use all the users to do local and remote streaming without the privilege of managing my server, and that I have an exclusive user to manage the server with the remote connection disabled and also hidden from all local and remote clients, in this way the exclusive users for streaming can continue working without any password. Since it is very annoying to have to be typing passwords in the local network. Besides, I use the Beta version for windows with the current version 4.8.0.37 and I think that the vulnerability affected the stable version more. ¿Can I safely continue to use all users without exclusive passwords for streaming, but without any privileges to administer the server, and with another unique user exclusive to administer the server with the remote connection disabled, and hidden from all local clients and blunt?

Morning, I have three users setup on my Emby server (Debian). Two are humans who need to log in or they cannot gain access. The third is a ghost account to allow DLNA access on my LAN. My problem is that although I've setup the DLNA user with a password, if I use a mobile connection to my server web interface to simulate WAN access, I can enter only the username and login without a password. This is potentially a major security hole. I've checked the settings against the human users and they are identical, plus I've restarted the server just in case something didn't take. To troubleshoot, I created a fourth user identical to one of the humans, but without a password. As expected, a remote connection can login with just the username. I then set a password and you can still login without a password. It's as if the password is ignored. Any ideas? Thanks

So I found a pretty big issue today while signing into Emby. I changed my Emby password yesterday, but when I went to sign on today I accidentally used my old password and my old password STILL WORKED! I am able to sign in with both my old AND new password. I feel like this is a pretty big security flaw. While writing this, I'm starting to question whether or not this is a bug. My old Emby user password was the same as my connect password, so are you able to sign into your Emby user account on the web dashboard (this one, specifically: https://memester.cf/u/rrqj90.png) usingyour connect password?