Remmina drops clear text password in target desktop
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| remmina (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
I tried to report this to the developers, but there has been no action for months. Since Remmina is being touted as the primary RDP client for Ubuntu, I thought you all needed to be warned. I have since switched to KRDC, by the way.
The bug is logged on:
https:/
The haiku version:
Your Windows password
Has just been typed in clear text
Into some window.
Basically, if you are logging into an existing Windows session using RDP under Remmina, the application passes the Windows login password - in clear text - to whatever window has focus in the Windows session. I found that this worked for several types of windows, including UNIX windows being emulated with an X server (Exceed). The passing of plaintext password keystrokes in the system, to say nothing of the password sitting in some window, clearly defeats quite a bit of Windows security.
I do not believe that Remmina is under active development, so it looks like it's up to you all to either get this fixed or switch the default RDP client to something safer, IMO.
I'm using 13.10, although I believe that I saw this originally on 13.04 (no work has been done on this bug as far as I know). I did try to report this bug automatically, but my connection would not let me get into the descriptive part before losing contact with the server.
| information type: | Private Security → Public Security |
| Changed in remmina (Ubuntu): | |
| status: | New → Confirmed |
