Hi all, I was looking over the application logs on the Server 2012 that I have Web Connect installed on. I noticed that user names and passwords are being logged in plaintext. Can this be by design?
Hi, what version of Web Connect are you using?
The project started as a proof of concept a couple of years ago by other members of the FreeRDP community, since then obvious security issues like password logging have been removed.
We're currently rewriting wsgate (the server WebConnect component) to overcome the stability and design issues of the project.
I noticed the same issue with the FreeRDP WebConnect Version 1.2.0.320 I downloaded from http://www.cloudbase.it/freerdp-html5-proxy-windows/ a few months ago. Was the installer updated in the last couple of months?
I downloaded it from cloudbase also, WebConnect, Version 1.2.0.320 in early October. I would love to use this product, but I can't with this logging. If there is anything I can do help, let me know...
Sorry for the late reply on your last comment: FreeRDP-WebConnect logs the credentials only when debug is "true", can you please ensure that it's set to false in your environment?
Asked: 2014-10-24 21:43:02 +0200
Seen: 2,884 times
Last updated: Oct 28 '14
© 2014-2023 Cloudbase Solutions Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
That issue was brought up earlier - http://ask.cloudbase.it/question/25/wsgate-logging-password-information/ . Have you turned debug on?
No, it is a default install of WebConnect, Version 1.2.0.320 running on Server 2012 R2. I see [global] debug=false, in wsgate.ini