Potential Security issue / Backdoor

[xtreamjava]

HI,

During past few months, I have installed fresh versions of Xtream-UI from multiple repos, Including yours. (Not the MariaDB version) I did setup up traffic monitoring and firewall. I have made following findings:

• Servers were receiving connection requests with Username and Passwords that I had setup. (They were leaked)
• On few instances, server received request for Admin page, Even the random login URI path was leaked.

Whats next?

• I'm happy to share my two cents with you on private channel and not disclose it here.

• I'm going to try digging little deeper.

My Question?

Have you found any similar issue?

[xtreamjava]

I Couldn't find the problem bits, It seemed to be in the encrypted part. but the solution is to use firewall. And that seemed to be the only solution without the raw code. So I'm going to close it for now