02 March 2020 - Node-RED Admin API
Summary
In affected versions of the Mobiusflow Gateway software, the Node-RED Admin API was accessible to unauthenticated users.
Description
The Node-RED Admin API was accessible at the gateway's Configuration UI endpoint without requiring user authentication. This allowed anonymous access to the Node-RED flows and potentially to any configuration information stored in them.
Solution
This has been fixed in v1.0.3 of the Mobiusflow Gateway software, which now requires Mobius users to authenticate to the Node-RED Admin API.
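One way to confirm the fix on a gateway you administer, as an added example that is not Mobiusflow's own code: it sends the standard Node-RED Admin API request `GET /flows` without credentials and classifies the answer. The base URL under which the gateway serves Node-RED is an assumption you supply, and the sample response bodies are constructed.

```python
"""Check whether a Node-RED Admin API answers GET /flows without credentials."""
import json
import sys
import urllib.error
import urllib.request

# Constructed sample bodies (not captured from a real gateway).
SAMPLE_FLOWS_V1 = b'[{"id":"a1","type":"tab","label":"Flow 1"}]'
SAMPLE_FLOWS_V2 = b'{"rev":"constructed-rev","flows":[{"id":"a1","type":"tab"}]}'
SAMPLE_LOGIN_PAGE = b"<html><body>Please sign in</body></html>"


def classify(status, body):
    """Classify the response to an unauthenticated GET <base>/flows."""
    if status in (401, 403):
        return "protected"            # the API asked for credentials
    if status != 200:
        return "inconclusive"         # wrong path, proxy error, ...
    try:
        doc = json.loads(body)
    except ValueError:
        return "inconclusive"         # e.g. an HTML login page, not the API
    # API v1 returns a bare list of nodes; v2 wraps it as {"rev", "flows"}.
    flows = doc.get("flows") if isinstance(doc, dict) else doc
    return "exposed" if isinstance(flows, list) else "inconclusive"


def probe(base_url, timeout=5):
    """Send one credential-free request; base_url is supplied by the operator."""
    req = urllib.request.Request(base_url.rstrip("/") + "/flows",
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:   # 4xx/5xx arrive as exceptions
        return classify(err.code, err.read())
    except urllib.error.URLError:
        return "unreachable"


if __name__ == "__main__":
    result = probe(sys.argv[1])
    print(result)
    sys.exit(1 if result == "exposed" else 0)
```

A result of `protected` is what a gateway on v1.0.3 or later should return; `inconclusive` usually means the base URL does not point at the Node-RED Admin API.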