iz3man
February 1, 2021, 1:08pm
1
I was just noticed during a debug session where I added a user for someone else to log into my HA system, that there was NO NEED TO ENTER A PASSWORD.
If you enter the url you’re presented with this:
This is my config:
auth_providers:
- type: trusted_networks
trusted_networks:
- 192.168.1.0/24
- 172.0.0.0/8
- type: homeassistant
Any idea what I need to change to make my system secure again?
tom_l
February 1, 2021, 2:57pm
2
Remove the trusted networks.
2 Likes
iz3man
February 1, 2021, 3:14pm
3
What I wanted to acchieve is a trusted login from my own network, but as this is routed/hosted by nginx, which is also from the LAN, it may cause this, correct?
Tinkerer
February 2, 2021, 7:37am
4
Yes, because the IP of the proxy is included in the network ranges you configured to be trusted.
