Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrators username and encrypted password.
The product protects a primary channel, but it does not use the same level of protection for an alternate channel.