If you have not already, we suggest setting your Plex username to something else rather than email which is displayed on your posts in forum. You can change the username at https://app.plex.tv/desktop#!/account
Welcome to our forums! Please take a few moments to read through our Community Guidelines (also conveniently linked in the header at the top of each page). There, you'll find guidelines on conduct, tips on getting the help you may be searching for, and more!

Plex Home automatically authenticates last user when there is no internet

Hello everyone,

I recently purchased a Plex Pass and this problem is related to the Plex Pass Home functionality. However I didn't post in the Plex Pass section as it is also related to the Samsung Smart TV app.

I set up a home with my account protected by a PIN and the guest account for more restricted access to anyone else. I disabled the "Auto login last user and skip pincode" option, since otherwise : why put a PIN code in the first place ?

Everything works fine but I discovered after an internet outage that this option is ineffective when there is no internet : the Plex app automatically logs in with the last account (in my case : my account or the guest account, depending on which was the last used) as "offline", without asking for any PIN, and giving the user the same permissions as if he was indeed the owner of the account.

In short : if I was the last person who used the app, anybody in my house can unplug the modem to trigger an internet outage and then get access to all my local servers (even those he wasn't supposed to access), mess with my files since I have enabled the "Allow media deletion" option, and mess with my "watched / unwatched" status.

Obviously I trust the people in my house : I locked my account only to ensure that nobody watches something under my account if I'm not watching with, therefore corrupting my "watched / unwatched" status. But this still looks like a security issue to me. Is this a bug ?



Sign In or Register to comment.