Hi,
If the guacamole is accessed from a transparent proxy environment e.g. (About
SSL Inspection | Zscaler)
May I know what kind of information can be extracted or replayed? Does
guacamole support perfect forward secrecy on sessions?Is there possibility to
see in clear the user sessions or worst access the guacamole without
authentication?I assume that in such case it will be limited to the session
that was captured and is not able to compromise the entire Guacamole without
proper authentication and 2FA?Hope someone can provide more inputs how to
better tighten the security in Guacamole in such kind of environments.
Thanks in advance.
