Moode Forum
[PROBLEM] SMB Server security concern - Printable Version




SMB Server security concern - pereirase - 11-23-2020

Hi,

Moode has an active SMB Server with the guest account set up as root user, providing open access to many directories in the system as "root".

Among the exposed directories are remote media libraries that may have been added to Moode. While these may originally have credentials when added, these then become fully available without any authentication within the Local Network through the Moode SMB Server.

This looks like a security issue and what I'm wondering is why does Moode even require an SMB Server?

Thanks!


RE: SMB Server security concern - Tim Curtis - 11-23-2020

What's your usage scenario that creates a security issue for your content?

moOde is not security hardened and as such should never be connected directly to the Public internet or any other unsecured network.

The Samba shares that moOde exposes are for the convenience of users that want to copy files etc.


RE: SMB Server security concern - pereirase - 11-23-2020

Thanks Tim for the quick reply, and great work with the moOde development!

I use it at home and risk is limited; still, I do set my Samba server, as well as any other network service, with credentials to reduce risks of access by unauthorised people or apps. These days there are just too many mobile apps and devices that we "bring" to our home network that aren't trustworthy.

I understand security hardening is not the focus of moOde and risk of access to moOde itself and most of its directories is limited, though if people set up their SMB servers with authentication, I think it would make sense to not make these mounts available through moOde's own SMB server and/or allow users to configure the SMB server with credentials through its WebUI.

Thanks!
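
An added example, not part of the thread and not moOde's own code: a small audit that reads a Samba configuration and reports which shares are reachable as guest and under which Unix identity, the condition the thread discusses. The sample `smb.conf`, its share names and its paths are constructed for illustration and are not moOde's shipped file.

```python
import configparser

# Constructed sample config (assumption; not moOde's actual smb.conf).
SAMPLE_SMB_CONF = """
[global]
    workgroup = WORKGROUP
    map to guest = Bad User
    guest account = root

[NAS]
    comment = Remote libraries re-exported by the player
    path = /mnt/NAS
    guest ok = yes
    read only = no

[Private]
    path = /srv/private
    guest ok = no
    valid users = alice

[Playlists]
    path = /var/lib/playlists
    public = yes
    force user = nobody
"""

TRUE = {"yes", "true", "1"}

def audit_smb_conf(text):
    """Return {share: details} for every share that accepts guest logins."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    # Samba ignores case and extra whitespace in parameter names.
    cp.optionxform = lambda key: " ".join(key.lower().split())
    # Strip indentation so configparser does not read it as line continuation.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    glob = next((dict(cp[s]) for s in cp.sections() if s.lower() == "global"), {})
    findings = {}
    for share in cp.sections():
        if share.lower() == "global":
            continue
        opts = {**glob, **dict(cp[share])}  # [global] supplies share defaults
        if opts.get("guest ok", opts.get("public", "no")).lower() not in TRUE:
            continue
        # Guest sessions run as 'force user' if set, else the global guest account.
        identity = opts.get("force user") or opts.get("guest account", "nobody")
        writable = opts.get("read only", "yes").lower() not in TRUE
        findings[share] = {"runs_as": identity, "writable": writable,
                           "root": identity == "root"}
    return findings
```

Any share reported with `"root": True` is served to unauthenticated clients with root's file permissions; setting `guest ok = no` with `valid users`, or mapping guests to an unprivileged account, removes it from the report or clears the flag.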