Source: remmina Severity: normal Tags: security X-Debbugs-Cc: Debian Security Team <[email protected]>
Dear Maintainer, I'm making this report so that it is tracked and more people become aware of it. Remmina currently copies the local clipboard contents to the remote RDP server, automatically, without any user interaction. This is contrary to how many other apps handle clipboard synchronization, where they typically require a specific keyboard combination or only synchronize the keyboard upon pasting, not automatically all the time. The issue is that secret data is contantly being leaked to the server when the connection is established, for example every time you copy anything from your password manager, even if you're not interacting with remmina at the time. Upstream bugtracker has two bugs about this: https://gitlab.com/Remmina/Remmina/-/issues/2939 https://gitlab.com/Remmina/Remmina/-/issues/2973
