Hi Jim, On Thu, Oct 10, 2019 at 04:31:01PM +0800, Jim Mee wrote: > Hi all, > > I recently found glances <https://packages.debian.org/buster/glances> > package has added an XMLRPC API server that provides access for remote > users. Unfortunately it requires no authentication, and worse, it binds to > 0.0.0.0, meaning glances API is exposed to the whole network. > > I suggest that the packager adds a random password on install, and remind > the user to change it afterwards.
Can you fill this as regular bug against the package (ideally with reportbug otherwise for alterntive https://www.debian.org/Bugs/Reporting)? Regards, Salvatore
