- cross-posted to:
- technology@beehaw.org
- cross-posted to:
- technology@beehaw.org
Plex is starting to enforce its new rules, which prevent users from remotely accessing a personal media server without a subscription fee.
If anyone needs it: https://jellyfin.org/
Should I begin telling you about the wonderful man in the middle attack that I reported to Plex over 3 years ago and how it’s still not fixed? Anyone can setup a plex instance and use that very instance to request an ssl certificate on behalf of any other plex instance, and then setup shop and gain complete access to your machine.
You’re going to need to back up your claim otherwise you might as well be lying as there’s no CVE like this I can find nor any public disclosure.
Plex have a bug bounty program and a responsive security team too.
Post your security report.
Do you have a CVE for this?