Package: x2goclient Version: 4.0.3.2 Tags: build-win32 Severity: grave Hi all, I am not sure if this bug is X2Go Client or X2Go Server related, because I have no extended access to the site where the below issue just occurred. Client: X2Go Client for Windows (4.0.3.2-20150301) on Windows 8.1 64bit Server: X2Go Server 4.0.1.19 running on Ubuntu 10.04 Session Type: GNOMEv2 desktop session The windows machine is hooked into a network, i.e. the Windows's users %HOMEDRIVE% is on a server-side share, there are also several other network drives available. (as drive letters). The user (a customer of mine) tried to directly share the "Documents" folder with the running X2Go session and then this SSHFS mount appeared on the X2Go Server's side: ~user/media/disk/_cygdrive_ This "_cygdrive_" folder contained letters (one drive letter per available network drive). From there on you could browse all drive letters and sub-directories available on the client-side MS Windows machine. Thus, exposing all sorts of drive letters and their subfolders to the X2Go session. !!! This must be considered as a severe data security breach. !!! minor side issue: Furthermore, client-side shared folders hosted on network drives appeared in the X2Go session, but were not accessible by the user running the X2Go session (marked by a read cross and a padlock). Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb