Ticket #38928

Password Exposed

Date d'ouverture: 2019-02-05 00:12 Dernière mise à jour: 2019-06-12 12:17

Rapporteur:
(Anonyme)
Propriétaire:
(Aucun)
Type:
État:
Ouvert
Composant:
Jalon:
(Aucun)
Priorité:
9 - le plus élevé
Sévérité:
9 - le plus élevé
Résolution:
Aucun
Fichier:
Aucun
Vote
Score: 0
No votes
0.0% (0/0)
0.0% (0/0)

Détails

Hello,

Once you have a TTL file set up and run it , it open teraterm , and places the connection details in command manager including the users password , need that to be suppressed

Ticket History (3/5 Histories)

2019-02-05 00:12 Updated by: None
  • New Ticket "Password Exposed " created
2019-02-05 12:17 Updated by: (del#1144)
Commentaire

That means ttermpro.exe must overwrite ARGV to hide the command line parameters? Do you tell the same suggestion to all applications in the world that accepts a password by command line parameter?

If someone can read command line parameters from running process, he already has some privirage in that PC. Doesn't he can read the password from ttl file?

2019-02-09 02:55 Updated by: None
Commentaire

any user can run task manager and see the password

2019-06-11 18:43 Updated by: jing
Commentaire

command prompto> wmic process where "name = \"ttermpro.exe\"" get name,commandline

ttermpro へのオプションに指定された内容は、全部閲覧可能(/passwd=*** のパスワードも平文)ということと理解。

でも、オプション指定の内容表示は、OS側(Windows側)の仕様じゃないかな。 SSH を使うなら、/passwd を指定しないことの徹底かな。

(Edited, 2019-06-11 18:44 Updated by: jing)
2019-06-12 12:17 Updated by: doda
Commentaire

workaround: use connect comand in two steps.

; launch Tera Term
connect '/DS'

; connect to server
connect 'server:port /auth=password /passwd="password"'

Attachment File List

No attachments

Modifier

You are not logged in. I you are not logged in, your comment will be treated as an anonymous post. » Connexion