X2Go Bug report logs -
#773
DirectRDP: X2Go Client reveals user password in process list if xfreerdp is used
Toggle useless messages
Report forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#773
; Package x2goclient
.
(Thu, 29 Jan 2015 12:15:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Thu, 29 Jan 2015 12:15:01 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: x2goclient
Severity: grave
When a users uses X2Go Client for directly accessing an RDP Server,
then one can use the DirectRDP feature.
The DirectRDP features allows wrapping around the rdesktop command or
the xfreerdp command.
With both wrapper modes, the password is given to the RDP client
application on the command line.
With rdesktop, the command line ($@) gets rewritten for the process
list and the password is replaced by XXXXXXXX.
With xfreerdp, the command line stays as is and reveals the RDP user's
password on the process list of the machine that X2Go Client runs on.
The FreeRDP people have added a command line option --from-stdin to
xfreerdp 1.0.x for this purpose, that may be an option using in X2Go
Client. However, I am not sure, if this option survived in xfreerdp
1.1.x or later (it is not on the xfreerdp man page for
1.1.0~git<sometime-in-2014> as shipped with Debian jessie.
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#773
; Package x2goclient
.
(Fri, 22 Mar 2019 22:10:03 GMT) (full text, mbox, link).
Acknowledgement sent
to uli42@gmx.de
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Fri, 22 Mar 2019 22:10:03 GMT) (full text, mbox, link).
Message #10 received at 773@bugs.x2go.org (full text, mbox, reply):
xfreerdp 2 also XXXXes the password
So with a current version this is a non-issueand can be closed.
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#773
; Package x2goclient
.
(Tue, 26 Mar 2019 13:20:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Tue, 26 Mar 2019 13:20:03 GMT) (full text, mbox, link).
Message #15 received at 773@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: close -1
On Fr 22 Mär 2019 23:08:00 CET, Ulrich Sibiller wrote:
> xfreerdp 2 also XXXXes the password
>
> So with a current version this is a non-issueand can be closed.
Thus, closing...
Mike
--
DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
[Message part 2 (application/pgp-signature, inline)]
Marked Bug as done
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to 773-submit@bugs.x2go.org
.
(Tue, 26 Mar 2019 13:20:03 GMT) (full text, mbox, link).
Notification sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Bug acknowledged by developer.
(Tue, 26 Mar 2019 13:20:03 GMT) (full text, mbox, link).
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#773
; Package x2goclient
.
(Tue, 26 Mar 2019 14:05:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Stefan Baur <X2Go-ML-1@baur-itcs.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Tue, 26 Mar 2019 14:05:02 GMT) (full text, mbox, link).
Message #24 received at 773@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Uh, wait a minute. We're still shipping X2GoClient for distributions
that have an older xfreerdp version in their repository.
Thus, this should not be closed until all supported distros have made
the switch to xfreerdp2.
-Stefan
Am 26.03.19 um 14:19 schrieb Mike Gabriel:
> Control: close -1
>
> On Fr 22 Mär 2019 23:08:00 CET, Ulrich Sibiller wrote:
>
>> xfreerdp 2 also XXXXes the password
>>
>> So with a current version this is a non-issueand can be closed.
>
> Thus, closing...
> Mike
>
> _______________________________________________
> x2go-dev mailing list
> x2go-dev@lists.x2go.org
> https://lists.x2go.org/listinfo/x2go-dev
>
--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#773
; Package x2goclient
.
(Tue, 26 Mar 2019 16:55:02 GMT) (full text, mbox, link).
Acknowledgement sent
to uli42@gmx.de
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Tue, 26 Mar 2019 16:55:02 GMT) (full text, mbox, link).
Message #29 received at 773@bugs.x2go.org (full text, mbox, reply):
On Tue, Mar 26, 2019 at 3:09 PM Stefan Baur <X2Go-ML-1@baur-itcs.de> wrote:
>
> Uh, wait a minute. We're still shipping X2GoClient for distributions
> that have an older xfreerdp version in their repository.
>
> Thus, this should not be closed until all supported distros have made
> the switch to xfreerdp2.
I have xfreerdp 1.0.2 here on Centos 7.6 (freerdp-1.0.2-15.el7.x86_64)
which also XXXes the password:
sibiller 8465 0.0 0.0 260008 4356 pts/3 Sl+ 17:48 0:00
xfreerdp -p *** -u sibiller wts
So do we really have distros using an older version?
Uli
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.x2go.org>
to internal_control@bugs.x2go.org
.
(Wed, 24 Apr 2019 05:24:01 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
X2Go Developers <owner@bugs.x2go.org>.
Last modified:
Sat Nov 9 06:04:22 2024;
Machine Name:
ymir.das-netzwerkteam.de
X2Go Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.