pillone / usntssearch

NZB Metasearch engine
pillone.github.io/usntssearch
263 stars 79 forks

Werkzeug Security Issue #170

Open vxnuke opened 7 years ago

vxnuke commented 7 years ago

Hi, I scan the Internet and gather information about Internet-connected devices all over the world. I found that the Werkzeug console is enabled and not protected on multiple hosts running this software. If the console is enabled by default, you should disable the console or upgrade and put PIN protection on it, as it leaves the system vulnerable to exploitation. Another issue is that even if you have HTTP basic authentication enabled (login), you can still access the console without authentication.
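One way to audit a deployment's Python source for the setting this report describes, as an added example (not code from this thread or from usntssearch). The sample source is constructed; the three call names are the Flask and Werkzeug entry points that can turn on the interactive debugger.

```python
import ast

# Keyword arguments that switch on Werkzeug's interactive debugger/console.
RISKY_KWARGS = {
    "run": {"debug"},                    # Flask: app.run(debug=True)
    "run_simple": {"use_debugger"},      # werkzeug.serving.run_simple(...)
    "DebuggedApplication": {"evalex"},   # werkzeug.debug.DebuggedApplication(...)
}

def _call_name(node):
    """Name of the called function or method, or None for other callables."""
    func = node.func
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None

def find_debugger_enabled(source, filename="<source>"):
    """Return sorted (line, call, kwarg) tuples for calls that enable the debugger."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        for kw in node.keywords:
            if kw.arg in RISKY_KWARGS.get(name, ()):
                value = kw.value
                # A constant falsy value is safe. Literal True is flagged, and so
                # is any non-constant expression, which needs manual review.
                if not (isinstance(value, ast.Constant) and not value.value):
                    findings.append((node.lineno, name, kw.arg))
    return sorted(findings)

# Constructed sample input; it is only parsed, never executed.
SAMPLE = '''\
from flask import Flask
from werkzeug.serving import run_simple
from werkzeug.debug import DebuggedApplication

app = Flask(__name__)
app.run(host="0.0.0.0", port=5000, debug=True)
run_simple("0.0.0.0", 5000, app, use_debugger=False)
wrapped = DebuggedApplication(app, evalex=True)
app.run(debug=cfg_debug)
'''

if __name__ == "__main__":
    for line, call, kwarg in find_debugger_enabled(SAMPLE):
        print(f"line {line}: {call}({kwarg}=...) may expose the debug console")
```

The match is by call name only, so an unrelated `.run(debug=...)` method is also reported; treat each hit as a prompt to review, not a confirmed exposure.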

albino1 commented 7 years ago

Good to know.

FWIW, there's probably nothing that can be done about it because this project is long abandoned. Most people are on a different fork, and even if it did get updated after years of being dormant, there's no auto-update mechanism, so the only way for someone to find out there was a fix is to come to the long-dead GitHub page and discover it on their own :)

vxnuke commented 7 years ago

Haha ok lol