OctoPrint 3D Web Interfaces: EXPOSED, Port 5000 default

Published: 2018-08-28
Last Updated: 2018-08-28 20:23:09 UTC
by Richard Porter (Version: 2)
1 comment(s)

Okay folks, we had a reader report in that they have found over 3000+ exposed OctoPrint (thanks Kalaiarasu!) [1]. This web server, by default, binds to port 5000 and the access controls [2] do not seem to have much in the way of restricting access, except by user. If you have one of these running, do yourself a favor and check for internet facing exposure.

 

The docs indicate that you can have access to a remote webcam for status, among many other things [2]. Sourcecode is up on Github [3] and is released as an opensource project.

We are reseaching this and will update this diary as we get info.

 

If you have one of these, let us know how you are securing it?

 

[1] https://octoprint.org/

[2] http://docs.octoprint.org/en/master/index.html

[3] https://github.com/foosel/OctoPrint

 

 

Richard Porter

--- ISC Handler on Duty

Keywords:
1 comment(s)

Comments

What's the 3D printer equivalent of sending a black fax? Maybe someone clever could 3D print a QR code that directs the owner to how to properly secure it?

Diary Archives