Speedtest-Tracker icon indicating copy to clipboard operation
Speedtest-Tracker copied to clipboard

Published 20 hours ago verified publisher icon henrywhitaker3

[BUG] Leaking of InfluxDB Password and Telegram Bot Key

Open 0n1cOn3 opened this issue 3 years ago • 1 comments

Describe the bug Administation Section is not secure and exposes Telegram Bot ID and InfluxDB Password

To Reproduce Steps to reproduce the behavior: Setup the Docker Container for it and run it - use any other machine with a different IP and visite the page.

Expected behavior There should be a Login Section without exposing DB Password, Telegram Bot ID

Context

  • OS: Synology DSM 7.1
  • Speedtest-Tracker Version: Latest

Additional context

Please add asap a possibility to login. Until then, I cannot use the Software.

0n1cOn3 avatar Sep 10 '22 16:09 0n1cOn3

you need to configure the enviroment 'AUTH' https://github.com/henrywhitaker3/Speedtest-Tracker#parameters

-e AUTH Optional. Set to 'true' to enable authentication for the app

or if you're using compose add under enviroment:

  • AUTH=true

good luck

trackd avatar Sep 16 '22 11:09 trackd