Comment on Sharing Jellyfin
exu@feditown.com 1 day agoThe main unauthenticated action is video streaming, but an attacker would need to guess the correct id by chance.
Comment on Sharing Jellyfin
exu@feditown.com 1 day agoThe main unauthenticated action is video streaming, but an attacker would need to guess the correct id by chance.
MaggiWuerze@feddit.org 1 day ago
It’s not chance if the I’d is based on the path to your media. There’s but that much variation in the path to a certain movie and its trivial to build a rainbow table to try them out. This way unauthenticated users can not only stream from your server but effectively map your library