Authentication for Qobuz passed along unencrypted / insecure

Beantwortet
BSoz

I was struggling today to add my Qobuz account to my Node 2i via the Bluesound app on Android, AT&T internet service. Eventually I received notification from the AT&T Smart Home app that a "Privacy Threat [was] Blocked"

From the app:

NOTIFICATION

We noticed that Node2i was trying to send unencrypted authentication information. Sending information this way exposes your sensitive information and makes it vulnerable to tampering. 

Blocked URL

www.qobuz.com/api.json/0.2/user/login?.....[redacted]

In order to connect Qobuz to Bluesound I had to unblock / whitelist the URL.

I'm not a programmer but it is my understanding that general best practices call for not sending authentication or other sensitive info in an insecure manner. I'm wondering if this is an issue with Bluesound code or Qobuz code, and more importantly, can it please be fixed?

0

Kommentare

1 Kommentar

Datum Stimmen
  • Offizieller Kommentar
    Tony W.
    Product Support Manager

    Thanks for the tip BSoz - your Support Crew Member you were working with has also followed up internally.  We are updating our notes here and letting our Product Development Team know so they can work with Qobuz to find out of there is a more secure Authentication method with Qobuz's servers. 

Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.

Sie haben nicht gefunden, wonach Sie suchten?

Neuer Post