fc7
Posted August 28, 2015 (edited)

I just noticed in Emby 3.0.7013.4 (latest beta) that when using the webclient for server administration or media playback, after the user logs out, if you click on "Manual Login" the last user's username but more importantly also the password are already filled in. I'm not sure if this was the same on previous versions or not.

This might pose a security risk in the scenario that the last logged user was a server administrator, but it will also have other implications and risks when you use different users for parental control or library access. The issue is more evident if you only use manual login for all your users (hiding them from the login page).

Repro steps:

1. Log in with any username in the webclient.
2. Log out using the logout button. The webclient will return to the login screen.
3. Click on "Manual Login" and you will see the user credentials of the last logged user already filled in, including its password.
4. Click on "Log In" and it will go ahead and log you in with the last user credentials.

Thanks.

Edited August 28, 2015 by fc7