Ulterius / server

[WIP] Ulterius™ server where all the magic happens :rocket: :feelsgood:
https://ulterius.io/
Mozilla Public License 2.0

Public IP potentially leaks other users IPs #75

Open Altirix opened 7 years ago

Altirix commented 7 years ago

Used Ulterius back when it first came out and it worked fine. Uninstalled and never got it to work again with external connections and gave up. Came back to see if it had matured and was working or if I could work it out.

Managed to get it to work by just disabling Windows Firewall entirely, but when I hover over the Public IP someone else's IP appears. I tested this IP in Ulterius and it connected me to WORKSTATION/Joe.

I've seen it be other IPs (one starting in 47.) but have not confirmed if they are other users. I do not know what has caused this. The version is the latest from the site.

andrewmd5 commented 7 years ago

Wow, thank you for bringing this to my attention.

Cloudflare was caching the entire API over GET (https://api.ulterius.io/network/ip/). I'm not sure how this happened given I have a page rule that strictly told it to NOT cache the API domain, nonetheless it is fixed now.

I've reported this to Cloudflare.
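The failure described in the comment above is a per-client response (the caller's public IP) being stored by a shared CDN cache and replayed to other callers. As an added example that is not Ulterius code and not the project's real API, the Python below shows the response headers a "what is my IP" endpoint should send so that no shared cache may store it, plus a small checker that flags a captured response whose headers would allow (or show) shared caching. The handler name, header set and sample responses are constructed for illustration; `CF-Cache-Status` is the edge cache status header Cloudflare attaches to responses.

```python
"""Added example (not part of the Ulterius project): cache-safe headers for a
per-client API response, and a checker for responses that a shared cache
(CDN or proxy) could store and serve to other clients."""

from typing import Dict, List, Set, Tuple


def ip_endpoint_response(client_ip: str) -> Tuple[int, Dict[str, str], str]:
    """Hypothetical handler for a /network/ip style endpoint.

    The body is specific to one client, so the response must tell every
    cache in the path not to keep it."""
    headers = {
        "Content-Type": "application/json",
        # private : shared caches (CDN, reverse proxies) must not store it
        # no-store: no cache at all may write it anywhere
        # max-age=0: even a lenient cache treats it as immediately stale
        "Cache-Control": "private, no-store, max-age=0",
        # Older HTTP/1.0 intermediaries only understand these two
        "Pragma": "no-cache",
        "Expires": "0",
    }
    body = '{"ip": "%s"}' % client_ip
    return 200, headers, body


def _directives(cache_control: str) -> Set[str]:
    """Split 'private, max-age=0' into {'private', 'max-age'}."""
    return {
        part.strip().split("=", 1)[0].lower()
        for part in cache_control.split(",")
        if part.strip()
    }


def shared_cache_findings(headers: Dict[str, str]) -> List[str]:
    """Return a list of problems that would let a shared cache serve this
    response to a different client. An empty list means the headers forbid
    shared caching (it does not prove the CDN configuration honours them)."""
    lowered = {name.lower(): value for name, value in headers.items()}
    findings: List[str] = []

    # Evidence of an actual shared-cache hit at the edge
    if lowered.get("cf-cache-status", "").upper() == "HIT":
        findings.append("edge cache HIT: response was served from a shared cache")

    directives = _directives(lowered.get("cache-control", ""))
    if not directives & {"no-store", "private"}:
        if directives & {"public", "max-age", "s-maxage"}:
            findings.append(
                "Cache-Control permits shared caching: " + lowered["cache-control"]
            )
        else:
            # Nothing forbids caching; behaviour then depends on CDN defaults
            # and page rules, which is exactly what failed in this issue.
            findings.append("no Cache-Control directive forbids shared caching")
    return findings


if __name__ == "__main__":
    # Constructed sample: hardened endpoint response (203.0.113.7 is a
    # documentation address, not a real user)
    status, good_headers, body = ip_endpoint_response("203.0.113.7")
    print(status, body, shared_cache_findings(good_headers))

    # Constructed sample: what a leaking response from a caching edge looks like
    leaky = {"Content-Type": "application/json", "CF-Cache-Status": "HIT"}
    for finding in shared_cache_findings(leaky):
        print("finding:", finding)
```

The checker is deliberately conservative: a response with no `Cache-Control` at all is reported, because whether a CDN stores it then depends entirely on rules outside the application, and a page rule that silently stops applying is precisely the kind of configuration drift that produced this issue. Setting `private, no-store` in the application itself makes the endpoint safe regardless of what the edge is configured to do.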

andrewmd5 commented 7 years ago

I performed a more in-depth analysis and it doesn't seem anyone was breached as a result of this (thankfully). Ulterius does enforce you use a password for your Windows account and I can't see any indication this was a known issue until today.