[ubuntu-mono] [Bug 1355374] [NEW] Password leaked in cleartext!
Eric Anderson
1355374 at bugs.launchpad.net
Mon Aug 11 18:47:08 UTC 2014
Public bug reported:
I tried to run gnome-rdp without rdesktop being installed. This
produced a log message reporting the failure, which included the clear-
text password on the command line. This is a major security issue!
First, the log messages themselves expose the password. Second, if the
password is passed as a command-line argument, that information may be
leaked to anyone who can see a process list on the computer.
** Affects: gnome-rdp (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
CLI/Mono Uploaders, which is subscribed to gnome-rdp in Ubuntu.
https://bugs.launchpad.net/bugs/1355374
Title:
Password leaked in cleartext!
Status in “gnome-rdp” package in Ubuntu:
New
Bug description:
I tried to run gnome-rdp without rdesktop being installed. This
produced a log message reporting the failure, which included the
clear-text password on the command line. This is a major security
issue!
First, the log messages themselves expose the password. Second, if
the password is passed as a command-line argument, that information
may be leaked to anyone who can see a process list on the computer.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-rdp/+bug/1355374/+subscriptions
More information about the Ubuntu-mono
mailing list