Jump to content

[Security Issue] Using Home Button Makes PIN Bypass Possible


Recommended Posts

Posted
Quote

In that previous thread, @Luke mentioned that Emby should automatically time out after 10 minutes, but that's not working as intended.

Hi, what app version number have you tried with?

Tigga5
Posted
14 hours ago, Luke said:

Hi, what app version number have you tried with?

I've tested multiple Android releases up to the current Play Store release of 3.5.16, and the PIN bypass via the Home button issue is present in all of them.

  • 5 months later...
Posted (edited)

@Luke Any plans to address this now that it's been over 8 months since it was first reported? This is still a critical security gap on v3.5.36.

The app isn't forcing a re-authentication check when resuming from the background via the Home button, completely breaking user profile isolation (and making it trivial for kids to access admin/parent profiles). Can we get an update on fixing the resume/focus lifecycle hooks for the Android app?

Edited by Tigga5

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...