Ares created GUACAMOLE-1775:
-------------------------------
Summary: Auth token as a parameter in "session/tunnels/<tunnel ID>/protocol" request
Key: GUACAMOLE-1775
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1775
Project: Guacamole
Issue Type: Bug
Components: guacamole, guacamole-client
Affects Versions: 1.5.0, 1.4.0
Reporter: Ares
The following example HTTP request generated by the Guacamole client contains
authentication service tokens in URL query parameters, which could be leaked
through server log files, the “Referer” header of HTTP requests, etc.
Example: GET /api/session/tunnels/<tunnel ID>/protocol?token=<token>
This has been found in 1.4.0 and 1.5.0.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
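
The two leak paths named in the report (server logs and the Referer header) can be checked for and scrubbed in existing access logs. The following is an added example, not part of the original report or of Guacamole's code; it assumes Apache/Nginx "combined" log format, and the log lines, host name, tunnel ID and token value are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample lines in "combined" log format (placeholders, not real data).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2023:10:00:00 +0000] "GET /api/session/tunnels/EXAMPLE-TUNNEL/protocol?token=EXAMPLETOKEN0001 HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Mar/2023:10:00:05 +0000] "GET /images/logo.png HTTP/1.1" 200 512 "https://guac.example/page?token=EXAMPLETOKEN0001&x=1" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Mar/2023:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]

# combined format: prefix "METHOD URL PROTO" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<pre>.*?)"(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>[^"]*)" '
    r'(?P<mid>\d{3} \S+) "(?P<referer>[^"]*)" (?P<post>".*")$'
)

SENSITIVE = {"token"}  # query parameter named in the report


def redact_url(url):
    """Return (url with sensitive query values masked, whether any were found)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if not any(k.lower() in SENSITIVE for k, _ in pairs):
        return url, False
    masked = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(masked))), True


def scrub_line(line):
    """Mask tokens in the request URL and Referer; report where they appeared."""
    m = LINE_RE.match(line)
    if not m:
        return line, []  # unknown format: leave untouched
    url, in_url = redact_url(m["url"])
    ref, in_ref = redact_url(m["referer"])
    where = [n for n, hit in (("request", in_url), ("referer", in_ref)) if hit]
    clean = f'{m["pre"]}"{m["method"]} {url} {m["proto"]}" {m["mid"]} "{ref}" {m["post"]}'
    return clean, where


def audit(lines):
    """Return (scrubbed lines, [(line number, leak locations)] for leaking lines)."""
    results = [scrub_line(l) for l in lines]
    findings = [(i, w) for i, (_, w) in enumerate(results, 1) if w]
    return [c for c, _ in results], findings


if __name__ == "__main__":
    cleaned, findings = audit(SAMPLE_LOG)
    print(findings)
    print("\n".join(cleaned))
```

Scrubbing logs only limits further exposure; any token that already reached a log or a third party through Referer should be treated as disclosed until it expires or is invalidated.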