[ubuntu-mono] [Bug 1355374] Re: Password leaked in cleartext!
Eric Anderson
1355374 at bugs.launchpad.net
Thu Aug 14 16:13:45 UTC 2014
That makes sense, but this is still a significant issue. There should
be some kind of warning, or the package removed, or something.
--
You received this bug notification because you are a member of Ubuntu
CLI/Mono Uploaders, which is subscribed to gnome-rdp in Ubuntu.
https://bugs.launchpad.net/bugs/1355374
Title:
Password leaked in cleartext!
Status in “gnome-rdp” package in Ubuntu:
Invalid
Bug description:
I tried to run gnome-rdp without rdesktop being installed. This
produced a log message reporting the failure, which included the
clear-text password on the command line. This is a major security
issue!
First, the log messages themselves expose the password. Second, if
the password is passed as a command-line argument, that information
may be leaked to anyone who can see a process list on the computer.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-rdp/+bug/1355374/+subscriptions
More information about the Ubuntu-mono
mailing list