Potential Remote Access Due to Network Misconfiguration #1181
Labels
Comments
|
Thanks for the bringing this up. This project does not open ports to the outside network. It seems some users may have inadvertently enabled port forwarding or DMZ to the server hosting the bridge, exposing streams unintentionally. Although this project is intended for local access only, I'll try implementing an opt-out for the web authentication to prevent users from making the same mistake. Again, users should NOT enable port forwarding to the bridge from the external network unless they know what they're doing! |
mrlt8
changed the title
mrlt8
added
documentation
mrlt8
added a commit
that referenced
this issue
May 10, 2024
mrlt8
added a commit
that referenced
this issue
May 11, 2024
mrlt8
added a commit
that referenced
this issue
May 12, 2024
WEB_USERNAME > WB_USERNAME WEB_PASSWORD > WB_PASSWORD
Merged
mrlt8
added a commit
that referenced
this issue
May 12, 2024
* Sign motion event request #1125 * use device id instead of mac #1125 * remove wrong flags from mkfifo #1174 * less aggressive flush #1159 #1167 * Use K10052 for setting FPS #1161 * Refactor bits for going above 255 for quality * Revert ffmpeg changes #1159 #1167 * version is obsolete * default quality to hd180 * Update Wyze iOS App version from v2.44.5.3 to v2.50.6.1 (#1176) * use struct pack * Token based auth over the webUI * Fix redirect for Home Assistant Ingress * Use request headers to fix redirect for HA * Change GET to POST for webhooks data * Deprecate ifttt_webhook in favor of webhooks * use yml for HA config and make credentials optional * keep trying to identify audio #1172 * Snapshot on motion and push to mqtt #709 #970 * Add event time to motion message * refactor auth * EVENT_API option #1125 * Add additional headers #1125 * Audio sync with higher bitrate * Debug api request #1125 * Update api.py * only debug on error * Tweak audio sync * don't raise error on lost frame * clear buffer if out of sync * Unique macs only #1125 Co-Authored-By: Cameron <32912464+kiwi-cam@users.noreply.github.com> * Require auth by default and block non-ingress access #1181 * Allow non-ingress access with auth #1181 * Remove retain flag from commands #1182 * update webrtc to work with auth streams * Add WB_API and rename WEB to WB #1181 WEB_USERNAME > WB_USERNAME WEB_PASSWORD > WB_PASSWORD * HA move /config/wyze-bridge/ to /config/ * Don't notify substream event and remove v2 #1125 * WebUI Auth related config for HA * Don't retain discovery message? #1182 * Case sensitive credentials for WebUI * changelog and readme --------- Co-authored-by: Cameron <32912464+kiwi-cam@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A simple Shodan search shows all the camera feeds being exposed out to the internet. smh.
The text was updated successfully, but these errors were encountered: