[FreeNX-kNX] Security weakness in NX-FreeNx client
Dominique Blas
ml at blas.net
Fri Oct 21 14:30:12 UTC 2005
Hi,
I'm trying to use FreeNX as an NX client and, as I said before, it doesn't
work, whereas, in the same configuration on the server, it works with a
Win32 NX client.
Well, the problem today is that the log on the client side makes obvious
reference to the private key. Indeed, the private key is copied as many
times as there is a journal. The journal is made in the .nx/temp directory
with sshlog, runlog and keylog files, the last being a copy of the private
key. And this temp directory is persistent!
As you SHOULD know, a private key MUST be kept secret. Not only SHOULD the
client take care of that by proposing a method protecting the key
(that is readable in db.nxs),
but the client MUSTN'T copy the key several times!
Regards,
db
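
An audit for the exposure described in this message, as an added example that is not part of the original post or of the NX/FreeNX code: it walks a client's .nx/temp directory and reports every file that contains PEM private key material, together with its permission bits. The journal directory names (S-1, S-2) and the sample file contents are constructed assumptions; only the .nx/temp location and the sshlog, runlog and keylog file names come from the message.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# PEM header of a private key (RSA, DSA, EC, OPENSSH, PKCS#8, encrypted or not).
PEM_PRIVATE = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")


def find_key_copies(temp_dir):
    """Return (path, mode, readable_by_group_or_others) per file holding key material."""
    findings = []
    for path in sorted(Path(temp_dir).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        try:
            with open(path, "rb") as fh:
                head = fh.read(65536)  # key files are small; bound the read
        except OSError:
            continue  # unreadable from this account: nothing to report
        if PEM_PRIVATE.search(head):
            mode = stat.S_IMODE(path.stat().st_mode)
            findings.append((str(path), oct(mode), bool(mode & 0o077)))
    return findings


def build_sample(root):
    """Constructed sample: two journals, each with sshlog, runlog and keylog."""
    fake_key = (b"-----BEGIN DSA PRIVATE KEY-----\n"
                b"CONSTRUCTED-NOT-A-REAL-KEY\n"
                b"-----END DSA PRIVATE KEY-----\n")
    for session in ("S-1", "S-2"):  # hypothetical journal directory names
        d = Path(root) / session
        d.mkdir(parents=True)
        (d / "sshlog").write_bytes(b"constructed sshlog line\n")
        (d / "runlog").write_bytes(b"constructed runlog line\n")
        (d / "keylog").write_bytes(fake_key)
        os.chmod(d / "keylog", 0o644)
    return root


if __name__ == "__main__":
    target = Path.home() / ".nx" / "temp"
    if not target.is_dir():  # no NX client data here: use the constructed sample
        target = build_sample(tempfile.mkdtemp())
    for path, mode, exposed in find_key_copies(target):
        print(f"{path} mode={mode} readable_by_others={exposed}")
```

Every path it reports is one more copy of the key to remove, and one more reason to replace the key pair if the directory was readable by other accounts or included in backups.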