Jump to content

[Security Issue] Using Home Button Makes PIN Bypass Possible


Recommended Posts

Posted
Quote

In that previous thread, @Luke mentioned that Emby should automatically time out after 10 minutes, but that's not working as intended.

Hi, what app version number have you tried with?

Tigga5
Posted
14 hours ago, Luke said:

Hi, what app version number have you tried with?

I've tested multiple Android releases up to the current Play Store release of 3.5.16, and the PIN bypass via the Home button issue is present in all of them.

  • 5 months later...
Posted (edited)

@Luke Any plans to address this now that it's been over 8 months since it was first reported? This is still a critical security gap on v3.5.36.

The app isn't forcing a re-authentication check when resuming from the background via the Home button, completely breaking user profile isolation (and making it trivial for kids to access admin/parent profiles). Can we get an update on fixing the resume/focus lifecycle hooks for the Android app?

Edited by Tigga5
Posted

Hi, it should after a few minutes if you set the startup option to show login screen.

Posted
20 hours ago, Luke said:

Hi, it should after a few minutes if you set the startup option to show login screen.

We've been over this for 8 months, and it's clear you're just dismissing the problem since security apparently isn't a priority for Emby. That is absolutely not how the app behaves and the issue is trivial to reproduce.

Why are you so adamantly against fixing a basic security flaw that leaves restricted profiles completely exposed? It is extremely odd that you would rather shove your head in the sand and pretend a reproducible PIN bypass doesn't exist than take a few minutes to actually fix it.

The worst part is this isn't even the first time you guys have completely ignored account security and PIN issues like this. This lackadaisical attitude toward fundamental and basic account security is absolutely insane.

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...