X2Go Bug report logs - #773
DirectRDP: X2Go Client reveals user password in process list if xfreerdp is used

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Thu, 29 Jan 2015 12:15:01 UTC

Severity: grave

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.


MIME-Version: 1.0
X-Mailer: MIME-tools 5.507 (Entity 5.507)
X-Loop: owner@bugs.x2go.org
From: owner@bugs.x2go.org (X2Go Bug Tracking System)
Subject: Bug#773 closed by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
 (Re: [X2Go-Dev] Bug#773: xfreerdp 2 also XXXXes the password)
Message-ID: <handler.773.b773.155360636119526.notifdone@bugs.x2go.org>
References: <20190326131906.Horde.BkvbGtzjzEB4n_92NerAY5k@mail.das-netzwerkteam.de>
X-X2go-PR-Message: they-closed 773
X-X2go-PR-Package: x2goclient
X-X2go-PR-Source: x2goclient
Date: Tue, 26 Mar 2019 13:20:03 +0000
Content-Type: multipart/mixed; boundary="----------=_1553606403-19785-0"
[Message part 1 (text/plain, inline)]
This is an automatic notification regarding your Bug report
which was filed against the x2goclient package:

#773: DirectRDP: X2Go Client reveals user password in process list if xfreerdp is used

It has been closed by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>.

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Mike Gabriel <mike.gabriel@das-netzwerkteam.de> by
replying to this email.


-- 
773: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=773
X2Go Bug Tracking System
Contact owner@bugs.x2go.org with problems
[Message part 2 (message/rfc822, inline)]
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: uli42@gmx.de, 773@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#773: xfreerdp 2 also XXXXes the password
Date: Tue, 26 Mar 2019 13:19:06 +0000
[Message part 3 (text/plain, inline)]
Control: close -1

On  Fr 22 Mär 2019 23:08:00 CET, Ulrich Sibiller wrote:

> xfreerdp 2 also XXXXes the password
>
> So with a current version this is a non-issue and can be closed.

Thus, closing...
Mike
-- 

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

[Message part 4 (application/pgp-signature, inline)]
[Message part 5 (message/rfc822, inline)]
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: submit@bugs.x2go.org
Subject: DirectRDP: X2Go Client reveals user password in process list if xfreerdp is used
Date: Thu, 29 Jan 2015 12:10:54 +0000
[Message part 6 (text/plain, inline)]
Package: x2goclient
Severity: grave

When a user uses X2Go Client for directly accessing an RDP Server,
then one can use the DirectRDP feature.

The DirectRDP feature allows wrapping around the rdesktop command or
the xfreerdp command.

With both wrapper modes, the password is given to the RDP client  
application on the command line.

With rdesktop, the command line ($@) gets rewritten for the process  
list and the password is replaced by XXXXXXXX.

With xfreerdp, the command line stays as is and reveals the RDP user's  
password on the process list of the machine that X2Go Client runs on.

The FreeRDP people have added a command line option --from-stdin to
xfreerdp 1.0.x for this purpose, that may be an option to use in X2Go
Client. However, I am not sure if this option survived in xfreerdp
1.1.x or later (it is not on the xfreerdp man page for
1.1.0~git<sometime-in-2014> as shipped with Debian jessie).

Mike



-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 7 (application/pgp-signature, inline)]
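
The argv rewriting that the report attributes to rdesktop, sketched as an added C example (not code from this bug log, rdesktop, FreeRDP or X2Go Client). The function name and the two accepted argument forms, `-p SECRET` and `/p:SECRET`, are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy the password out of argv, then overwrite it in place with 'X' so
 * that ps and /proc/<pid>/cmdline stop showing it.
 * Handles "-p SECRET" and "/p:SECRET" (forms assumed for this example).
 * Returns a malloc'd copy (caller wipes and frees it), or NULL when no
 * password argument is present or allocation fails. */
char *take_and_scrub_password(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        char *secret = NULL;

        if (strcmp(argv[i], "-p") == 0 && i + 1 < argc)
            secret = argv[i + 1];
        else if (strncmp(argv[i], "/p:", 3) == 0)
            secret = argv[i] + 3;
        if (secret == NULL)
            continue;

        size_t len = strlen(secret);
        char *copy = malloc(len + 1);
        if (copy == NULL)
            return NULL;
        memcpy(copy, secret, len + 1);

        /* Overwrite the bytes in the original argv memory: that region
         * is what the process list reads, so replacing the pointer with
         * a different string would not hide anything. */
        memset(secret, 'X', len);
        return copy;
    }
    return NULL;
}

int main(int argc, char **argv)
{
    char *pw = take_and_scrub_password(argc, argv);

    /* Print the argument vector as the process list would now show it. */
    for (int i = 0; i < argc; i++)
        printf("%s%s", argv[i], i + 1 < argc ? " " : "\n");

    if (pw != NULL) {
        memset(pw, 0, strlen(pw)); /* wipe the private copy after use */
        free(pw);
    }
    return 0;
}
```

The password remains readable in the process list between process start and the overwrite, so this narrows the exposure rather than removing it; handing the secret over stdin, as the report suggests, keeps it out of argv entirely.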



X2Go Developers <owner@bugs.x2go.org>. Last modified: Fri May 3 10:00:03 2024; Machine Name: ymir.das-netzwerkteam.de
