In my opinion as the maintainer, this is not a bug and will not be fixed
upstream. Any functions that modify data require a login, and certain
functions (like those performed by koan) require access to the XMLRPC
endpoint without a login or access to the token stored locally for the
CLI. At no point did we say all XMLRPC functions require a login.

Beyond that, a lot of the same data can be accessed over the web
interface (namely the kickstart/preseed data), which contains information
that could be considered just as sensitive (IPs, MACs, etc.). You
should never have unencrypted data like plain-text passwords in your
automated response files unless there is absolutely no other option and
you can ensure the network they're traversing is secured.

https://bugs.launchpad.net/bugs/858867

Title:
  XMLRPC allows unauthed users access to various methods (which it
  shouldn't)
