I just discovered this security issue on my own after deciding to inspect my "~/.tsclient/last.tsc" file and couldn't believe this hadn't been reported before. So I decided to do a google search which led me here.
Guys, this is bad news! As mentioned by clovepower the password is stored *in the clear* even if the user doesn't save the connection settings. All that is required is that the user enters his/her password on the tsclient window, as opposed to the remote server's login screen. Plus, "~/.tsclient/last.tsc" has world-readable permissions (as mentioned by Alex)!
I'm surprised this issue hasn't been fixed by now since it was first reported back on 11th Nov 2008. That's more than 9 months ago! How come this hasn't been fixed by now? Ubuntu Security Team? Shouldn't the importance of this bug be changed from "Wishlist" to "Medium"?
For now, I guess the only protection against this issue is to NOT enter passwords on the tsclient Logon Settings screen. Instead, users should type their credentials on the *remote server*'s login screen.
$ grep -e username -e password\:b -e address -e domain ~/.tsclient/last.tsc
domain:s:test
full address:s:ts.domain.foo:3389
password:b:mysecretpass
username:s:ap
$ ls -l ~/.tsclient/last.tsc
-rw-r--r-- 1 ap ap 873 2009-08-26 17:46 /home/ap/.tsclient/last.tsc
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 8.04.3 LTS
Release: 8.04
Codename: hardy
$ apt-cache policy tsclient
tsclient:
  Installed: 0.150-1ubuntu1
  Candidate: 0.150-1ubuntu1
  Version table:
 *** 0.150-1ubuntu1 0
        500 http://gb.archive.ubuntu.com hardy/main Packages
        100 /var/lib/dpkg/status
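A small audit-and-cleanup script for the two problems described in this comment (a password stored in the clear in last.tsc, and the file being world-readable), added here as an example and not part of the bug report or of tsclient itself. The sample file, its path and the host name and password in it are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the bug report or of tsclient: audit a tsclient
# settings file for a stored plaintext password and world-readable permissions,
# then scrub it. The sample file below is constructed for the demonstration.

SAMPLE="${TMPDIR:-/tmp}/last.tsc.sample"
# Same key:type:value layout as the grep output in the comment above;
# the host name and password are made-up values.
printf 'domain:s:test\nfull address:s:ts.example.invalid:3389\npassword:b:mysecretpass\nusername:s:ap\n' > "$SAMPLE"
chmod 644 "$SAMPLE"   # reproduce the world-readable mode reported above

# has_plain_password FILE -> 0 when a non-empty "password:b:" value is stored
has_plain_password() {
    grep -q '^password:b:.' "$1"
}

# is_world_readable FILE -> 0 when "others" have read permission
# (reads the 8th character of the ls -l mode string, e.g. -rw-r--r--)
is_world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# audit FILE -> prints one WARN line per finding; 0 when clean, 1 when exposed
audit() {
    rc=0
    if has_plain_password "$1"; then
        echo "WARN: $1 stores a password in the clear"; rc=1
    fi
    if is_world_readable "$1"; then
        echo "WARN: $1 is readable by every local user"; rc=1
    fi
    return $rc
}

# scrub FILE -> blank the stored password value and restrict the file to its owner
scrub() {
    sed 's/^password:b:.*/password:b:/' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    chmod 600 "$1"
}

audit "$SAMPLE" || scrub "$SAMPLE"
audit "$SAMPLE" && echo "OK: $SAMPLE no longer exposes credentials"
```

Pointing the functions at the real ~/.tsclient/last.tsc gives the same check on an affected install; scrubbing only removes what is already written, so the workaround in the comment (typing the password on the remote login screen) still applies.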