Hi all,
I recently found glances package has added an XMLRPC API server that provides access for remote users. Unfortunately it requires no authentication, and worse, it binds to 0.0.0.0, meaning glances API is exposed to the whole network.
I suggest that the packager adds a random password on install, and remind the user to change it afterwards.