New Question

WebConnect user names and passwords are being logged in plaintext

asked 2014-10-24 21:43:02 +0300

Andrew Precht gravatar image

Hi all, I was looking over the application logs on the Server 2012 that I have Web Connect installed on. I noticed that user names and passwords are being logged in plaintext. Can this be by design?

edit retag flag offensive close merge delete


That issue was brought up earlier - . Have you turned debug on?

Alex gravatar imageAlex ( 2014-10-28 03:47:37 +0300 )edit

No, it is a default install of WebConnect, Version running on Server 2012 R2. I see [global] debug=false, in wsgate.ini

Andrew Precht gravatar imageAndrew Precht ( 2014-10-30 21:15:59 +0300 )edit

1 answer

Sort by » oldest newest most voted

answered 2014-10-28 03:25:15 +0300

alexpilotti gravatar image

Hi, what version of Web Connect are you using?

The project started as a proof of concept a couple of years ago by other members of the FreeRDP community, since then obvious security issues like password logging have been removed.

We're currently rewriting wsgate (the server WebConnect component) to overcome the stability and design issues of the project.

edit flag offensive delete link more


I noticed the same issue with the FreeRDP WebConnect Version I downloaded from a few months ago. Was the installer updated in the last couple of months?

Alex gravatar imageAlex ( 2014-10-28 03:40:15 +0300 )edit

I downloaded it from cloudbase also, WebConnect, Version in early October. I would love to use this product, but I can't with this logging. If there is anything I can do help, let me know...

Andrew Precht gravatar imageAndrew Precht ( 2014-10-30 21:14:51 +0300 )edit

Sorry for the late reply on your last comment: FreeRDP-WebConnect logs the credentials only when debug is "true", can you please ensure that it's set to false in your environment?

alexpilotti gravatar imagealexpilotti ( 2014-12-10 15:54:24 +0300 )edit

Could it be that this issue is still valid? Debug is set to false, but in the windows event log the username/password is still logged.

stael gravatar imagestael ( 2015-03-10 13:08:52 +0300 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2014-10-24 21:43:02 +0300

Seen: 2,786 times

Last updated: Oct 28 '14