A9G-Data-Droid
commented
1 year ago I like the pattern where the first time you visit the page you get a setup workflow. It could ask for a config file to import first, as that is what I am usually doing. If the user is new then the next step is setting a password.
The main control account is shipped with a default - and well-known - password. If the unwary didn't know to change it, and the default port was accessible to malware, 'bad things' could happen, up to and including the execution of arbitrary scripts as whatever user nzbget is running as (quite possibly root).