nxserver-freenx-0.2.4 installation, with logging enabled. Connecting from nxclient with 'Windows' desktop will log the user password in clear text in /tmp/nxserver.log. It's understood that nxdesktop (Windows RDP) currently does not work, but I think this is a security risk. Also, not sure since I haven't tried them, this could possibly be true for the commercial versions of nxserver as well. Reproducible: Always Steps to Reproduce:
nxserver-freenx is currently security-masked because it's very insecure to use. Passwords in verbose logs are just one more vulnerability that shows they didn't do their security homework well :) I'll regroup this bug with bug 62912 if you don't mind. *** This bug has been marked as a duplicate of 62912 ***