You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Airsonic automatically creates a "guest" user, which is shown via "WebUI -> Settings -> Users -> Select User"
After deleting the user it is reappearing automatically after some time.
I see it as an security issue, since I don't know how the guest user is created and which password is assigned to it (Probably some default password that can be bruteforced).
Feature
Guest user should not be created at all and deleting it should be permanent.
The text was updated successfully, but these errors were encountered:
"Autogenerated for " + User.USERNAME_GUEST + " user");
}
}
Before 11.1.4-SNAPSHOT.20240613153447, it is created for external player to access resource in Airsonic Advanced.
After that release, it is also created for access artist image. That is why guest user appears frequently.
I don't think there is a high risk of passwords being leaked and causing problems immediately.
But, I agree that automatically generating a guest user and operating in this manner is not ideal. I would like to revise the implementation.
Scope
GUI
What problem
Airsonic automatically creates a "guest" user, which is shown via "WebUI -> Settings -> Users -> Select User"
After deleting the user it is reappearing automatically after some time.
I see it as an security issue, since I don't know how the guest user is created and which password is assigned to it (Probably some default password that can be bruteforced).
Feature
Guest user should not be created at all and deleting it should be permanent.
The text was updated successfully, but these errors were encountered: