Message-ID: <1372646308.18508.2.camel@heisenberg.scientia.net>
Subject: SECURITY:  x2goclient allows clipboard sniffing
From: Christoph Anton Mitterer <calestyo@scientia.net>
To: submit@bugs.x2go.org
Date: Mon, 01 Jul 2013 04:38:28 +0200

Package: x2goclient
Severity: grave
Tags: security

Hi.

From: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714588


It seems that per default (and I even found no way to disable it)
x2goclient (and perhaps other related tools?) transmit the content of
the clipboard to the remote host.

As this may easily contain passwords or other sensitive information,
this is an extremely critical hole.


Cheers,
Chris.
