telnet vulnerability in aura-playout deployment
This issue is related to the aura-playout deployment.
In prior releases, telnet had to be enabled explicitly. In alpha3, it's enabled by default.
This is a high risk since there are no credentials required to connect to the telnet server.
So engine-core can be paralyzed by sending bunches of data - even without knowing any control commands.
Beside that, the port 1234 seems to be hardcoded in the dockercompose file and all fallback values are set to enable telnet with this settings.
Suggestions:
- disable telnet by default and use safe fallback values in dockercompose.yml
- require credentials
- add note in docs.aura.radio