** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to remmina in Ubuntu. https://bugs.launchpad.net/bugs/1307872
Title: Remmina drops clear text password in target desktop Status in “remmina” package in Ubuntu: New Bug description: I tried to report this to the developers, but there has been no action for months. Since Remmina is being touted as the primary RDP client for Ubuntu, I thought you all needed to be warned. I have since switched to KRDC, by the way. The bug is logged on: https://github.com/FreeRDP/Remmina/issues/218 The haiku version: Your Windows password Has just been typed in clear text Into some window. Basically, if you are logging into an existing Windows session using RDP under Remmina, the application passes the Windows login password - in clear text - to whatever window has focus in the Windows session. I found that this worked for several types of windows, including UNIX windows being emulated with an X server (Exceed). The passing of plaintext password keystrokes in the system, to say nothing of the password sitting in some window, clearly defeats quite a bit of Windows security. I do not believe that Remmina is under active development, so it looks like it's up to you all to either get this fixed or switch the default RDP client to something safer, IMO. I'm using 13.10, although I believe that I saw this originally on 13.04 (no work has been done on this bug as far as I know). I did try to report this bug automatically, but my connection would not let me get into the descriptive part before losing contact with the server. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/remmina/+bug/1307872/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
