A critical vulnerability in the official Termix Docker image puts users at risk of exposing sensitive SSH credentials.
The flaw allows anyone with network access to retrieve stored host addresses, usernames, and passwords without logging in.
How the Vulnerability Works
Termix provides a Docker image that runs a Node.js backend behind an Nginx reverse proxy.
The backend code uses the req.ip method to determine if a request came from the local machine, as reported by Security Researchers.
https://gbhackers.com/termix-docker-image-leaking-ssh/