New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Potential Remote Access Due to Network Misconfiguration #1181
Comments
Thanks for the bringing this up. This project does not open ports to the outside network. It seems some users may have inadvertently enabled port forwarding or DMZ to the server hosting the bridge, exposing streams unintentionally. Although this project is intended for local access only, I'll try implementing an opt-out for the web authentication to prevent users from making the same mistake. Again, users should NOT enable port forwarding to the bridge from the external network unless they know what they're doing! |
WEB_USERNAME > WB_USERNAME WEB_PASSWORD > WB_PASSWORD
* Sign motion event request #1125 * use device id instead of mac #1125 * remove wrong flags from mkfifo #1174 * less aggressive flush #1159 #1167 * Use K10052 for setting FPS #1161 * Refactor bits for going above 255 for quality * Revert ffmpeg changes #1159 #1167 * version is obsolete * default quality to hd180 * Update Wyze iOS App version from v2.44.5.3 to v2.50.6.1 (#1176) * use struct pack * Token based auth over the webUI * Fix redirect for Home Assistant Ingress * Use request headers to fix redirect for HA * Change GET to POST for webhooks data * Deprecate ifttt_webhook in favor of webhooks * use yml for HA config and make credentials optional * keep trying to identify audio #1172 * Snapshot on motion and push to mqtt #709 #970 * Add event time to motion message * refactor auth * EVENT_API option #1125 * Add additional headers #1125 * Audio sync with higher bitrate * Debug api request #1125 * Update api.py * only debug on error * Tweak audio sync * don't raise error on lost frame * clear buffer if out of sync * Unique macs only #1125 Co-Authored-By: Cameron <32912464+kiwi-cam@users.noreply.github.com> * Require auth by default and block non-ingress access #1181 * Allow non-ingress access with auth #1181 * Remove retain flag from commands #1182 * update webrtc to work with auth streams * Add WB_API and rename WEB to WB #1181 WEB_USERNAME > WB_USERNAME WEB_PASSWORD > WB_PASSWORD * HA move /config/wyze-bridge/ to /config/ * Don't notify substream event and remove v2 #1125 * WebUI Auth related config for HA * Don't retain discovery message? #1182 * Case sensitive credentials for WebUI * changelog and readme --------- Co-authored-by: Cameron <32912464+kiwi-cam@users.noreply.github.com>
A simple Shodan search shows all the camera feeds being exposed out to the internet. smh.
The text was updated successfully, but these errors were encountered: