FreeRDP-WebConnect icon indicating copy to clipboard operation
FreeRDP-WebConnect copied to clipboard

Published 20 hours ago verified publisher icon FreeRDP

Security issue: Hyper-V Server password is stored in plain text in wsgate.ini on installing FreeRDP-Webconnect

Open surya17 opened this issue 10 years ago • 3 comments

On installing FreeRDP-Webconnect MSI, [hyperv] section in wsgate.ini conf stores Hyper-V Server password in plain/text which is high security risk. It needs to be encrypted and stored in the file

surya17 avatar Aug 21 '15 10:08 surya17

The security risk applies only if wsgate.ini doesn't have proper restricted permissions, exactly like, e.g. /etc/nova.conf.

Said that, there are two ways to overcome the need for storing the credentials:

  1. on Windows, the user running wsgate can authenticate on the hyper-v host using domain or passtrough credentials. In this case there's no need to provide a separate user's credentials in the config file.

  2. for future versions, we are thinking about the Win32 credentials API, but in that case a similar primitive must be supported on Linux as well

alexpilotti avatar Aug 21 '15 11:08 alexpilotti

Regarding your first option, On windows, I see "FreeRDP-Webconnect" is the user running wsgate service. How do i use this "FreeRDP-Webconnect" user to authenticate Hyprer-V server and access instance console?

surya17 avatar Aug 24 '15 05:08 surya17

Why can't you connect to a Hyper-v virtual machine after compilation

yang-juan avatar Oct 10 '19 01:10 yang-juan