Package: x2goserver
Version: 4.0.1.6
Severity: critical

Hi,

I just noticed that x2goserver allows connecting to ALL running X sessions on 
the target machine, using "connect to local desktop". These might be logged-in 
local users, or NX sessions which were not terminated correctly. This is 
especially bad in the latter case, as the screen is not locked here, normally.

This is a HUGE security leak, as now all users are able to access data of the 
other users, and hinder them from working by manipulating current sessions.

Normal remote desktop software should BLOCK such access by default, and only 
allow it when the user explicitly requested it or configured it so.
_______________________________________________
X2Go-Dev mailing list
X2Go-Dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/x2go-dev
