Tíquete #38928

Password Exposed

: 2019-02-05 00:12 Última Atualização: 2019-06-12 12:17

Relator:
(Anônimo)
Dono:
(Nenhum)
Tipo:
Estado:
Aberto
Componente:
Marcos:
(Nenhum)
Prioridade:
9 - Highest
Gravidade:
9 - Highest
Resolução:
Nenhum
Arquivo:
Nenhum
Vote
Score: 0
No votes
0.0% (0/0)
0.0% (0/0)

Details

Hello,

Once you have a TTL file set up and run it , it open teraterm , and places the connection details in command manager including the users password , need that to be suppressed

Ticket History (3/5 Histories)

2019-02-05 00:12 Updated by: None
  • New Ticket "Password Exposed " created
2019-02-05 12:17 Updated by: (del#1144)
Comentário

That means ttermpro.exe must overwrite ARGV to hide the command line parameters? Do you tell the same suggestion to all applications in the world that accepts a password by command line parameter?

If someone can read command line parameters from running process, he already has some privirage in that PC. Doesn't he can read the password from ttl file?

2019-02-09 02:55 Updated by: None
Comentário

any user can run task manager and see the password

2019-06-11 18:43 Updated by: jing
Comentário

command prompto> wmic process where "name = \"ttermpro.exe\"" get name,commandline

ttermpro へのオプションに指定された内容は、全部閲覧可能(/passwd=*** のパスワードも平文)ということと理解。

でも、オプション指定の内容表示は、OS側(Windows側)の仕様じゃないかな。 SSH を使うなら、/passwd を指定しないことの徹底かな。

(Edited, 2019-06-11 18:44 Updated by: jing)
2019-06-12 12:17 Updated by: doda
Comentário

workaround: use connect comand in two steps.

; launch Tera Term
connect '/DS'

; connect to server
connect 'server:port /auth=password /passwd="password"'

Attachment File List

No attachments

Editar

You are not logged in. I you are not logged in, your comment will be treated as an anonymous post. » Login