| Summary: | net-misc/xrdp: Cleartext password shown in file after logging into xrdp session | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | mgorny |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1404969 | | |
| Whiteboard: | ~3 [noglsa/cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 607096 | | |
| Bug Blocks: | | | |

@ Maintainer(s): Please bump to >=net-misc/xrdp-0.9.1

x11rdp and xrdp are removed, per bug 607096. Presumably this can now be closed.

Thank you for your work.

From ${URL}:

When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's clear text password, DES encrypted with a known key.

Upstream bug: https://github.com/neutrinolabs/xrdp/pull/497

@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
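
An added example (not part of the bug report and not xrdp or Gentoo code): a host audit that lists any `~/.vnc/sesman_${username}_passwd` files and flags those readable by group or others. The function names, the output format, and the use of the passwd database to enumerate home directories are assumptions of this example.

```python
import os
import pwd
import stat
from fnmatch import fnmatch


def system_homes():
    """Home directories of all accounts in the passwd database (assumed source)."""
    return sorted({entry.pw_dir for entry in pwd.getpwall()})


def audit_homes(homes):
    """Return one finding per <home>/.vnc/sesman_<username>_passwd file."""
    findings = []
    for home in homes:
        vnc_dir = os.path.join(home, ".vnc")
        try:
            names = sorted(os.listdir(vnc_dir))
        except OSError:
            continue  # no ~/.vnc, or not readable by the auditing user
        for name in names:
            if not fnmatch(name, "sesman_*_passwd"):
                continue
            path = os.path.join(vnc_dir, name)
            try:
                st = os.lstat(path)  # lstat: never follow a symlink
            except OSError:
                continue  # file vanished between listdir and lstat
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            findings.append({
                "path": path,
                "owner_uid": st.st_uid,
                "mode": format(mode, "04o"),
                # Any group/other read bit exposes the file to other local users.
                "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
            })
    return findings


if __name__ == "__main__":
    for f in audit_homes(system_homes()):
        flag = "EXPOSED" if f["readable_by_others"] else "owner-only"
        print(f"{f['mode']} uid={f['owner_uid']} {flag} {f['path']}")
```

Run it as root so every home directory is readable; the script only reports metadata and never opens the files.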