
Re: Glances: Unprotected XMLRPC server enabled by default



Hi Jim,

On Thu, Oct 10, 2019 at 04:31:01PM +0800, Jim Mee wrote:
> Hi all,
> 
> I recently found glances <https://packages.debian.org/buster/glances>
> package has added an XMLRPC API server that provides access for remote
> users. Unfortunately it requires no authentication, and worse, it binds to
> 0.0.0.0, meaning glances API is exposed to the whole network.
> 
> I suggest that the packager adds a random password on install, and remind
> the user to change it afterwards.

Can you file this as a regular bug against the package (ideally with
reportbug, otherwise for alternatives see
https://www.debian.org/Bugs/Reporting)?

Regards,
Salvatore

