#126 rdesktop 1.3.1 captures xscreensaver password

open
nobody
None
5
2012-11-29
2004-08-10
Anonymous
No

yikes!

my UNIX password keeps getting IM'd to people because I
use rdesktop to get to MSN messenger on a Windows machine

Discussion

  • Brian Dudek

    Brian Dudek - 2004-08-12

    Logged In: YES
    user_id=1102939

    I have also seen this. This is the text I posted and
    reported to comp.os.linux.security and Bugzilla on 8/3/2004

    If I make an desktop connection to a Windows XP box fire up
    Word and any document, then lock the Fedora Gnome desktop,
    type my password into the XscreenSaver dialog window to
    unlock Gnome my password shows up in plain text within Word
    in the rdesktop connection.

    Here is the Windows version stuff:
    Windows XP SP 1 with all patches
    MS Word (XP) 2002 SP3

    Fedora version stuff:
    rdesktop-1.3.1-3
    xscreensaver-4.14-5

     
  • Nobody/Anonymous

    Logged In: NO

    I've run in to this too.

    Very very annoying and problematic security wise. I ended up
    with a printed document that had my screensaver password in it.

     
  • Ilya Konstantinov

    Logged In: YES
    user_id=335423

    Patch 1042089 offers a solution for this.