Unprotected admin web-Interface exposed to the internet by default

[jhunovis]

By default your Syncthing's web-interface will be enabled, not password protected and exposed to the public internet! This affects all home-servers which allow access to the HTTPS port from the internet!

You should either:

• enforce the user to supply a username and a strong password for the admin web-interface or
• deny all access to the web-interface from all but the local network!

Exposing the unprotected admin interface allows any attacker to steal all of the users files, add extra (malicious files), or to modify any of the users files! Since vulnerable server can be found by simply trying the whole IP space this is critical!

[yalh76]

Solved activating ldap authentication