Slightly OT: Major leak of Orvibo user data

Hi all, slightly off topic but since it is quite possible people have some of these devices.

Change passwords straight away ...

The vpnMentor article is spot on when explaining the impact. I've seen several vulnerabilities on individual devices before, but never on as big a scale. All but one of the reports went ignored, but judging from the screenshots it was a different yet similar kind of leak.

Slightly off topic but still relevant for the security of Node-RED based systems. If you run on Linux, and you use SupervisorD, make sure the remote monitoring is disabled, and that firewall rules are present to prevent these ports from opening. Being able to tail server logs is a huge risk; whether they are at INFO or DEBUG level doesn't make it less bad if too much info is logged (such as the full text and links of a password reset email). Being able to do that from a web browser is an even bigger risk.
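
An added example, not part of the thread: a small audit of a Supervisor config for the remote web interface the last post warns about. It assumes that interface is the `[inet_http_server]` section of `supervisord.conf` with its `port`, `username` and `password` keys (Supervisor's own config names, which the post does not spell out); the sample config is constructed.

```python
import configparser
import ipaddress

# Constructed sample (not from the thread): web interface on all interfaces, no auth.
SAMPLE_CONF = """\
[supervisord]
logfile = /var/log/supervisor/supervisord.log

[inet_http_server]
port = *:9001        ; listens on every interface

[program:nodered]
command = node-red
"""


def audit_supervisor_conf(text):
    """Return findings about Supervisor's TCP HTTP server in a config string."""
    # RawConfigParser: no %(...)s interpolation, which Supervisor handles itself.
    cp = configparser.RawConfigParser(inline_comment_prefixes=(";",), strict=False)
    cp.read_string(text)
    if not cp.has_section("inet_http_server"):
        return []  # TCP web interface is not enabled at all

    findings = ["inet_http_server enabled: process logs can be tailed over HTTP"]
    port = cp.get("inet_http_server", "port", fallback="").strip()
    host = port.rpartition(":")[0].strip()
    if host in ("", "*"):
        # ":9001", "*:9001" or a bare port number all mean every interface.
        findings.append("bound to all interfaces (port = %s)" % port)
    else:
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = host == "localhost"
        if not loopback:
            findings.append("bound to non-loopback address %s" % host)

    user = cp.get("inet_http_server", "username", fallback="")
    password = cp.get("inet_http_server", "password", fallback="")
    if not (user and password):
        findings.append("no username/password set: interface is unauthenticated")
    return findings


if __name__ == "__main__":
    for finding in audit_supervisor_conf(SAMPLE_CONF):
        print("WARN:", finding)
```

This only inspects the config file; the firewall rules mentioned above still need to be checked separately on the host.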