** Changed in: remmina (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to remmina in Ubuntu.
https://bugs.launchpad.net/bugs/1307872
Title:
Remmina drops clear text password in target desktop
Status in “remmina” package in Ubuntu:
Confirmed
Bug description:
I tried to report this to the developers, but there has been no action
for months. Since Remmina is being touted as the primary RDP client
for Ubuntu, I thought you all needed to be warned. I have since
switched to KRDC, by the way.
The bug is logged on:
https://github.com/FreeRDP/Remmina/issues/218
The haiku version:
Your Windows password
Has just been typed in clear text
Into some window.
Basically, if you are logging into an existing Windows session using
RDP under Remmina, the application passes the Windows login password -
in clear text - to whatever window has focus in the Windows session.
I found that this worked for several types of windows, including UNIX
windows being emulated with an X server (Exceed). The passing of
plaintext password keystrokes in the system, to say nothing of the
password sitting in some window, clearly defeats quite a bit of
Windows security.
I do not believe that Remmina is under active development, so it looks
like it's up to you all to either get this fixed or switch the default
RDP client to something safer, IMO.
I'm using 13.10, although I believe that I saw this originally on
13.04 (no work has been done on this bug as far as I know). I did try
to report this bug automatically, but my connection would not let me
get into the descriptive part before losing contact with the server.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/remmina/+bug/1307872/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
