Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 72634 - net-misc/nxserver-freenx: log shows password in clear text
Summary: net-misc/nxserver-freenx: log shows password in clear text
Status: RESOLVED DUPLICATE of bug 62912
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: x86 Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-11-27 07:22 UTC by veezi
Modified: 2011-10-30 22:38 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description veezi 2004-11-27 07:22:27 UTC 
nxserver-freenx-0.2.4 installation, with logging enabled. Connecting from nxclient with 'Windows' desktop will log the user password in clear text in /tmp/nxserver.log.

It's understood that nxdesktop (Windows RDP) currently does not work, but I think this is a security risk.

Also, not sure since I haven't tried them, this could possibly be true for the commercial versions of nxserver as well.

Reproducible: Always
Steps to Reproduce:
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-11-27 11:18:16 UTC 
nxserver-freenx is currently security-masked because it's very insecure to use. Passwords in verbose logs are just one more vulnerability that shows they didn't do their security homework well :)

I'll regroup this bug with bug 62912 if you don't mind.

*** This bug has been marked as a duplicate of 62912 ***