Search the Community
Showing results for tags 'vulnerability'.
Found 2 results
-
Password Protected User Can Log In Without Password (Docker)
a1pilot posted a topic in General/Windows
Morning, I have three users setup on my Emby server (Debian). Two are humans who need to log in or they cannot gain access. The third is a ghost account to allow DLNA access on my LAN. My problem is that although I've setup the DLNA user with a password, if I use a mobile connection to my server web interface to simulate WAN access, I can enter only the username and login without a password. This is potentially a major security hole. I've checked the settings against the human users and they are identical, plus I've restarted the server just in case something didn't take. To troubleshoot, I created a fourth user identical to one of the humans, but without a password. As expected, a remote connection can login with just the username. I then set a password and you can still login without a password. It's as if the password is ignored. Any ideas? Thanks -
So I found a pretty big issue today while signing into Emby. I changed my Emby password yesterday, but when I went to sign on today I accidentally used my old password and my old password STILL WORKED! I am able to sign in with both my old AND new password. I feel like this is a pretty big security flaw. While writing this, I'm starting to question whether or not this is a bug. My old Emby user password was the same as my connect password, so are you able to sign into your Emby user account on the web dashboard (this one, specifically: https://memester.cf/u/rrqj90.png) usingyour connect password?
