[ubuntu-mono] [Bug 1355374] Re: Password leaked in cleartext!
James P Michels III
1355374 at bugs.launchpad.net
Thu Aug 14 12:05:57 UTC 2014
I am the last maintainer of gnome rdp. Gnome rdp is a front end to
multiple command line tools. As such, there are limitations that make it
hard to manage correctly.
There are newer rdp applications, such as Remmina, that use a newer rdp
library. IMO, these applications are better able to properly handle
security issues.
For this reason, I have stopped maintaining gnome-rdp.
** Changed in: gnome-rdp (Ubuntu)
Status: New => Invalid
** Changed in: gnome-rdp (Ubuntu)
Status: Invalid => Confirmed
** Changed in: gnome-rdp (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
CLI/Mono Uploaders, which is subscribed to gnome-rdp in Ubuntu.
https://bugs.launchpad.net/bugs/1355374
Title:
Password leaked in cleartext!
Status in “gnome-rdp” package in Ubuntu:
Invalid
Bug description:
I tried to run gnome-rdp without rdesktop being installed. This
produced a log message reporting the failure, which included the
clear-text password on the command line. This is a major security
issue!
First, the log messages themselves expose the password. Second, if
the password is passed as a command-line argument, that information
may be leaked to anyone who can see a process list on the computer.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-rdp/+bug/1355374/+subscriptions
More information about the Ubuntu-mono
mailing list