first of all thank you very much for this excellent music system !! To help improve it Ieven more I share my latest observation.
I observed a security issue with volumio 2.565 on Raspberry Pi 2. I installed the following plugins: Spotify Volumio Spotify Connect2 Backup&Restore Data Volumio simple equalizer Amplifier switch Touch display Some of them are installed for future use; I only activated Spotify and Backup. The system is accessible only via WLAN with WPA2.
Now to the security issue: When I access "My Music" then within the Tidal and Quobuz sections the Username and Password are filled; Username is filled with my WLAN SSID and Password with dots (I suspect it is the WLAN password). Either if I delete these entries or fill them with fake entries and login to tidal - which returns "success" - in either case the Username and Password are unchanged to the SSID and the dots if I leave the page and return.
Is there a way I can change this ? If not - can this be fixed ?
I think you misunderstood: the fields are probably filled by the browser auto-filling options. We do not send back the TIDAL and QOBUZ credentials. To verify, just use a new window in incognito mode and you won't see them