Karl Blixt 8 Posted January 12, 2020 Posted January 12, 2020 Hi, so I was setting up some users and I found that by simply manually typing in the url emby.mydomain.com/web/index.html#!/dashboard.html I was able to get to the server's dashboard as a user without admin privileges. I was unable to actually save any changes and actually make some changes. But there are some things that are stored in plain text that is potentially sensitive. the emby premium key for example. now, I don't have any users sophisticated enough to abuse this and I certainly don't have any hostile users which I doubt anyone have. but I really think that this should be addressed. 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now