On Tue, Jan 30, 2024 at 2:23 AM Döngi, T. <t.doe...@wiesloch.de> wrote:

> Hi all,
>
> RDP connection credentials are stored in plain text in MariaDB. I consider
> that a big security risk in case the guac server gets compromised. For
> better understanding, what's the reason for that, and is it planned to hash
> the credentials in the near future?

The reasoning behind this is that, even if credentials are hashed, they
have to be stored in some sort of reversible hash in order to be sent to
the server, which means that the value of hashing them in the first place
is questionable. If an attacker gets access to your database server in such
a way that they can read the tables that contain the configuration values,
then they can probably also get to things like the Guacamole client
configuration (guacamole.properties), so they'd also be able to reverse any
hash values pretty easily. It really falls under the heading of "security by
obfuscation", which isn't really good security.

I do not know of any plans to change this - we've discussed it before, and
the overall value is low. The better things to do are:
1) Make sure that you adequately protect your database, and the Guacamole
<-> Database communications. They should be treated as if they contain
sensitive information.
2) Avoid storing credentials for your connections in your database. Use
parameter tokens (${GUAC_USERNAME} and ${GUAC_PASSWORD}) to pass user
credentials through directly, have connections prompt for credentials, or
use the KSM Vault to handle credentials rather than storing them directly.

-Nick
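
An added example (not from the thread or the Guacamole project) of putting point 2 into practice against the JDBC auth database: first an audit query that lists connections still carrying a literal password-type parameter, then the update that swaps them for the ${GUAC_PASSWORD} pass-through token. The table and column names (guacamole_connection, guacamole_connection_parameter, parameter_name, parameter_value) are assumed from the Guacamole JDBC schema; check them against your own database before running.

```sql
-- Assumed schema: guacamole_connection(connection_id, connection_name, protocol)
-- and guacamole_connection_parameter(connection_id, parameter_name, parameter_value).
-- 'password', 'private-key' and 'passphrase' are used here as examples of
-- credential-bearing parameter names; extend the list to match your protocols.

-- 1. Audit: which connections still store a literal secret?
--    A value of the form ${...} is a token substituted at connect time, so
--    anything NOT matching that pattern is a stored credential.
SELECT c.connection_id,
       c.connection_name,
       c.protocol,
       p.parameter_name
FROM guacamole_connection c
JOIN guacamole_connection_parameter p
  ON p.connection_id = c.connection_id
WHERE p.parameter_name IN ('password', 'private-key', 'passphrase')
  AND p.parameter_value NOT LIKE '${%}'
ORDER BY c.connection_name;

-- 2. Remediate: replace stored RDP passwords with the pass-through token so
--    the user's own Guacamole login password is supplied at connect time and
--    nothing secret remains in the table. Run inside a transaction and review
--    the audit output first; shared service-account connections may instead
--    belong in the vault or should prompt for credentials.
START TRANSACTION;

UPDATE guacamole_connection_parameter
SET parameter_value = '${GUAC_PASSWORD}'
WHERE parameter_name = 'password'
  AND parameter_value NOT LIKE '${%}';

-- Usually paired with the matching username token for the same connections.
UPDATE guacamole_connection_parameter
SET parameter_value = '${GUAC_USERNAME}'
WHERE parameter_name = 'username'
  AND parameter_value NOT LIKE '${%}';

COMMIT;
```

Re-run the audit query afterwards; an empty result set means no literal password-type parameters remain in the connection table.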
