[Secure-testing-team] Bug#714588: x2goclient allows clipboard sniffing
Christoph Anton Mitterer
calestyo at scientia.net
Mon Jul 1 02:27:56 UTC 2013
Package: x2goclient
Version: 4.0.1.0-1
Severity: grave
Tags: security
Justification: user security hole
Hi.
It seems that per default (and I even found no way to disable it) x2goclient (and perhaps other
related tools?) transmit the content of the clipboard to the remote host.
As this may easily contain passwords or other sensitive information, this is a extremely
critical hole.
Cheers,
Chris.
More information about the Secure-testing-team
mailing list