Security surrounding config / admin center page- help!
Posted: Thu Feb 14, 2019 11:10 am
So I am using Transmission on my QNAP NAS (love it).
I have found a security issue though and am keen on any tips to resolve it.
Basically, if I enter my external IP address from anywhere and then "/transmission/" I can access the config page and change the settings.json config file.
I could change the password if I wanted to and potentially backdoor other areas of the NAS from here.
So if my external IP address was 56.88.78.455 and I entered in http://56.88.78.455/transmission/ I am directed to the config page as per the attached screenshot:
https://photos.app.goo.gl/wwhFRSS1tnGkZA2n9
Is there any known way to prevent this access at all?
Setting a username & password is only applicable to the web GUI from what I understand (which I already have in place)
Thanks