#confidentlyincorrect

Does your friend have a static IP? Unlikely considering that you have to pay extra for a static IP.

It isn’t randomly generated. If you read through you would have known that.

Also, Rainbow tables.

tldr, Rainbow tables are precomputed lists of hashed values used to crack password hashes quickly. Instead of hashing each password guess on the fly, attackers use these tables to reverse hashes and find the original passwords faster, especially for weak or common ones. They’re less effective against hashes protected by a unique salt.

The last set of comments is from 2024. These have not been addressed. The fact that it is possible to stream without auth is just bonkers.

The entirity of jellyfin security is security via obscurity which is zero security at all.

“As a cybersec researcher”, the limp wristed, hand wavy approach to security should be sending up alarm bells. The fact that it doesn’t, means that likely either, you don’t take your research very seriously, or you aren’t a “cybersecurity researcher”.

“Thank you for this list. We are aware of quite a few, but for reasons of backwards compatibility they’ve never been fixed. We’d definitely like to but doing so in a non-disruptive way is the hard part.”

Is truly one of the statements of all time.