-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unrestricted connection between the Marzban-Node and Marzban-Dashboard #26
Comments
@mmx2004 there are a bunch of nodes out there that don't have a copy of the certificate yet, which can cause a node stop working after updating Marzban. so, currently, we implemented the safe way and suggest users to update their nodes. we hope that the awareness about this will increase with the completion of our documentation. |
But It appears that even the previous version of Marzban-Node lacks sufficient protection against unauthorized use. With the correct version of Marzban-Dashboard, one could potentially utilize another individual's Marzban-Node, which poses a significant security concern. This situation is far from ideal and requires immediate attention to ensure proper security measures are in place. |
This is why marzban removed the old method for nodes , in the new version unauthorized marzban can't connect nodes. |
I think they are having this issue in the new version not the old one |
can u provide some details on how this could happen? |
When adding a Node in the Marzban-Dashboard, it displays a Certification that ideally needs to be copied into the Node. However, even without copying this Certification, the Node can still be connected to the Dashboard and used without any issues. This presents a significant security flaw that requires immediate attention and resolution.
The text was updated successfully, but these errors were encountered: