Meh, even though I was sure I tested this yesterday before sending this
email, I clearly messed something up when I tested. The ~/.tsclient
directory is 0700 so there is no security vulnerability after all. I
tested on Hardy - Natty. Sorry for the noise.
** Changed in: tsclient (Ubuntu Lucid)
After reading the comments of this bug, I noticed that the password is
in a world-readable file and am planning updates for that. Fixing those
permissions will remove the security vulnerability. Upstream commented
they may move to gnome-keyring in the future, but we won't diverge from
upstream on t
** Changed in: tsclient (Ubuntu)
Status: Confirmed => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/296682
Title:
tsclient stores user/password as clear text
--
ubuntu-bugs mailing l
Cyclops: you're correct that if hashing is used, then the user would not
be able to save the password, and would have to retype it for each
connection as a hash is not reversible. So yeah, hashing would *not* be
a valid solution for users who would like to save their remote
connection passwords in
hash+salt is for storing passwords you will authenticate against (like
/etc/shadow, for instance). In this case, it's the remote credentials so
you don't have to type them on each connection. If it was crypt+salted
how would the software know what the password is without showing it to
everyone anyw
using the keyring would be ideal, but anything other than storing the
password in the clear would have been a security improvement IMHO.
Hashing the password with an installation-specific salt should be trivial
to implement for instance.
** Changed in: tsclient
Status: New => Fix Committed
** Changed in: tsclient
Importance: Undecided => High
** Changed in: tsclient
Importance: High => Critical
While it's not using the keyring (which it should), I've added a chmod forcing
0600.
http://tsclient.svn.sourceforge.net/viewvc/tsclient/trunk/src/rdpfile.c?r1=26&r2=105&pathrev=105
I just discovered this security issue on my own after deciding to
inspect my "~/.tsclient/last.tsc" file and couldn't believe this hadn't
been reported before. So I decided to do a Google search which led me
here.
Guys, this is bad news! As mentioned by clovepower the password is
stored *in the
I've also noticed that the files are created with less than perfect
permissions:
-rw-r--r-- 1 ahowells ahowells 872 2009-06-19 20:38 last.tsc
-rw-r--r-- 1 ahowells ahowells 0 2009-06-19 20:29 mru.tsc
Perhaps it would be possible for them to start life as -rw--- or
something, as well
** Changed in: tsclient (Ubuntu)
Importance: Undecided => Wishlist
Upstream bug:
http://sourceforge.net/tracker/?func=detail&aid=1889093&group_id=192483&atid=941574
Upstream feature request:
http://sourceforge.net/tracker/?func=detail&aid=1834829&group_id=192483&atid=941577
** Changed in: tsclient (Ubuntu)
Status: New => Confirmed
** Also affects: tsclient
Importance: Undecided
Status: New
Also, the very same data is stored under /home//.tsclient folder
in last.tsc and mru.tsc files.
So, credentials are stored in clear text even if user is not explicitly
saving an RDP file.
** Visibility changed to: Public