X2Go Bug report logs - #773
DirectRDP: X2Go Client reveals user password in process list if xfreerdp is used

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Thu, 29 Jan 2015 12:15:01 UTC

Severity: grave

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#773: [X2Go-Dev] Bug#773: Bug#773: Bug#773: xfreerdp 2 also XXXXes the password
Reply-To: uli42@gmx.de, 773@bugs.x2go.org
Resent-From: Ulrich Sibiller <ulrich.sibiller@gmail.com>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Tue, 26 Mar 2019 16:55:02 +0000
Resent-Message-ID: <handler.773.B773.15536191239515@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 773
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: 
Received: via spool by 773-submit@bugs.x2go.org id=B773.15536191239515
          (code B ref 773); Tue, 26 Mar 2019 16:55:02 +0000
Received: (at 773) by bugs.x2go.org; 26 Mar 2019 16:52:03 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,FREEMAIL_REPLYTO,
	FREEMAIL_REPLYTO_END_DIGIT,URIBL_BLOCKED autolearn=no
	autolearn_force=no version=3.4.2
Received: from localhost (localhost [127.0.0.1])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 56F265DAF1
	for <773@bugs.x2go.org>; Tue, 26 Mar 2019 17:52:01 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de
Received: from ymir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id meL1IkAp0ch9 for <773@bugs.x2go.org>;
	Tue, 26 Mar 2019 17:51:54 +0100 (CET)
Received: from mail-vs1-xe2b.google.com (mail-vs1-xe2b.google.com [IPv6:2607:f8b0:4864:20::e2b])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 3644D5DAE9
	for <773@bugs.x2go.org>; Tue, 26 Mar 2019 17:51:54 +0100 (CET)
Received: by mail-vs1-xe2b.google.com with SMTP id n14so8026697vsp.12
        for <773@bugs.x2go.org>; Tue, 26 Mar 2019 09:51:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:reply-to:from:date:message-id
         :subject:to:cc;
        bh=e4RlSqllgD9rYlNoGcOuwCuOyyXjY67FEIiovf3kAqU=;
        b=WIsFIrhz6sIXN7pY/umal05vkPuCoh9TVNOzJfy2+2XqQ/2hqXwql9WrWUJ9THeOtI
         NdRQT78lgpDeuhKp/03g0jrEL/rZHRWMgO7hr/GX9G0z73Q9ttGy81G42d4FoZKdsuHX
         4Wmupf/fX2tFE7Et/TWBXMKWHAeFxBFNAI4o6rkG3m97StW3b5LxkvCb9j17NR1ATmkD
         Xtc9OnhPQDz02G1ENclAQwnnC3wl1752sUdGqp47K47I8aYrum/DdI7Cpy2YQoE6HAr8
         b5cXcwtgwWsYrkb0A3chY7pYS/Wpe/U3UgmhCR1MhNm+7I+2dArNZ51svyY+SQhJMG3H
         F3+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:reply-to
         :from:date:message-id:subject:to:cc;
        bh=e4RlSqllgD9rYlNoGcOuwCuOyyXjY67FEIiovf3kAqU=;
        b=L7ksMrNCVOerjRYENMY0LuEMxlog7c2pY7PQGeJXSywAwghylZp5XJNHfJZE5W6vkS
         AATBivQGX4NNR0bAO/kuo7MuXK7/qbaE2vBYMWuzQ5I0fSLFr9xS2AalWFQ+1iUv4Bhg
         XaEiUCbV0WdRgfSdOmn+reK2fqbh8a7d5mIuXYzs/RT2agKEPa47bJ1G7zgAX6LSfIFa
         GyzK34MUp1vut2Z5MWhlMJEpTmkp46TSaQ/3uF0h/cpDaL7U0j5TroZTlikP/mHgWtyG
         fRaehXnm9XpDzXTJWQey8Dia0SPDo6FHlvPfXwovIKItroT2clcVnZ8v9duy/LwqiDVK
         0xww==
X-Gm-Message-State: APjAAAVowLDqnjJlHKoVPNMAyq8Frx/RE/X2Q+fn7/QSTMhRQJgiV6+u
	9uDieP/Pk1CILtfYwG/x3Lhd4HzHQBkYM3imzXo=
X-Google-Smtp-Source: APXvYqybxhiF7P2cs5QZEqMpbDFKVcfucl1+DRJ60+EMGPQcUi5Q7pJ3RAlQ5/DC29xzOfiH/YlGHuUYJ0WH8g90vrU=
X-Received: by 2002:a67:986:: with SMTP id 128mr18636460vsj.137.1553619113015;
 Tue, 26 Mar 2019 09:51:53 -0700 (PDT)
MIME-Version: 1.0
References: <20190326131906.Horde.BkvbGtzjzEB4n_92NerAY5k@mail.das-netzwerkteam.de>
 <88d90ba4-264d-6560-8a12-42cde6ed122c@baur-itcs.de>
In-Reply-To: <88d90ba4-264d-6560-8a12-42cde6ed122c@baur-itcs.de>
From: Ulrich Sibiller <ulrich.sibiller@gmail.com>
Date: Tue, 26 Mar 2019 17:51:26 +0100
Message-ID: <CANVnVY+DMuq+w6vRne+0y7-qMXhXLozmcnEEwczqxfP3ibv_Uw@mail.gmail.com>
To: Stefan Baur <X2Go-ML-1@baur-itcs.de>, 773@bugs.x2go.org
Cc: x2go-dev@lists.x2go.org
Content-Type: text/plain; charset="UTF-8"
On Tue, Mar 26, 2019 at 3:09 PM Stefan Baur <X2Go-ML-1@baur-itcs.de> wrote:
>
> Uh, wait a minute.  We're still shipping X2GoClient for distributions
> that have an older xfreerdp version in their repository.
>
> Thus, this should not be closed until all supported distros have made
> the switch to xfreerdp2.

I have xfreerdp 1.0.2 here on Centos 7.6 (freerdp-1.0.2-15.el7.x86_64)
which also XXXes the password:

sibiller  8465  0.0  0.0 260008  4356 pts/3    Sl+  17:48   0:00
xfreerdp -p *** -u sibiller wts

So do we really have distros using an older version?


Uli

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Mon Dec 2 07:24:32 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.