mRemoteNG icon indicating copy to clipboard operation
mRemoteNG copied to clipboard
verified publisher icon mRemoteNG

Public Disclosure of issue 726

Open Kvarkas opened this issue 2 years ago • 21 comments

The passwords of the connection files are stored as plain text values in the memory of the mRemteNG process, even before a connection is established. This fulfills the requirement of CWE-316 - Cleartext Storage of Sensitive Information in Memory. https://github.com/mRemoteNG/mRemoteNG/issues/726

  1. Create a new connection configuration, set hostname, username and password.
  2. (Optional) Enable encryption of the configuration file.
  3. Restart mRemoteNG
  4. Use Task Manager / Processhacker / Procdump or any other tool that can create minidumps of a process to create a minidump.
  5. Examine the minidump file and look for the password from step one.

Your Environment

  • Version used: 1.77.3 dev
  • Windows 11

Reported by Maximilian Barz

Kvarkas avatar Apr 03 '23 17:04 Kvarkas

CVE-2023-30367 has been published:

  • https://github.com/S1lkys/CVE-2023-30367-mRemoteNG-password-dumper
  • https://www.secuvera.de/advisories/secuvera-SA-2023-01.txt

S1lkys avatar Jul 21 '23 09:07 S1lkys

To follow this ticket.

Neustradamus avatar Aug 17 '23 00:08 Neustradamus

Hello, as this issue was opened almost one year ago and is marked "high priority", I'd like to ask for the current status.

felsgaertner avatar Mar 14 '24 12:03 felsgaertner