I was browsing reddit when I noticed someone was asking about this application. I decided to look at it to install it myself. I did a google search and It happen to show me a few internet facing servers and to my surprise it took me less than a minute to noticed this App is exposing everyone Plex.tv Passwords.
I be happy to have a conversation with the admins on how I was able to do this but If I can do it anyone else can do it.
1. Plex admins have nothing to do with this, it's a third party piece of software.
2. You shouldn't have PlexWatch/Web exposed to the internet in the first place. If you plan on doing so make sure it's password protected using something like htpasswd.
The source is also freely available on Github, if you wish to make changes you are more than welcome and I'm sure eleese would appreciate the help.
Here is the repo: https://github.com/ecleese/plexWatchWeb/
1. Plex admins have nothing to do with this, it's a third party piece of software.
2. You shouldn't have PlexWatch/Web exposed to the internet in the first place. If you plan on doing so make sure it's password protected using something like htpasswd.
The source is also freely available on Github, if you wish to make changes you are more than welcome and I'm sure eleese would appreciate the help.
Here is the repo: https://github.com/ecleese/plexWatchWeb/
I just reported the issue to eleese via PM instead of GitHub and he will look into it. Thanks
2. You shouldn't have PlexWatch/Web exposed to the internet in the first place. If you plan on doing so make sure it's password protected using something like htpasswd.
This, this and more this.
