Ticket #38928

Password Exposed

Eröffnet am: 2019-02-05 00:12 Letztes Update: 2019-06-12 12:17

Auswertung:
(Anonym)
Verantwortlicher:
(Keine)
Typ:
Status:
Offen
Komponente:
Meilenstein:
(Keine)
Priorität:
9 - Höchste
Schweregrad:
9 - Höchste
Lösung:
Keine
Datei:
Keine
Vote
Score: 0
No votes
0.0% (0/0)
0.0% (0/0)

Details

Hello,

Once you have a TTL file set up and run it , it open teraterm , and places the connection details in command manager including the users password , need that to be suppressed

Ticket-Verlauf (3/5 Historien)

2019-02-05 00:12 Aktualisiert von: None
  • New Ticket "Password Exposed " created
2019-02-05 12:17 Aktualisiert von: maya
Kommentar

That means ttermpro.exe must overwrite ARGV to hide the command line parameters? Do you tell the same suggestion to all applications in the world that accepts a password by command line parameter?

If someone can read command line parameters from running process, he already has some privirage in that PC. Doesn't he can read the password from ttl file?

2019-02-09 02:55 Aktualisiert von: None
Kommentar

any user can run task manager and see the password

2019-06-11 18:43 Aktualisiert von: jing
Kommentar

command prompto> wmic process where "name = \"ttermpro.exe\"" get name,commandline

ttermpro へのオプションに指定された内容は、全部閲覧可能(/passwd=*** のパスワードも平文)ということと理解。

でも、オプション指定の内容表示は、OS側(Windows側)の仕様じゃないかな。 SSH を使うなら、/passwd を指定しないことの徹底かな。

(Edited, 2019-06-11 18:44 Aktualisiert von: jing)
2019-06-12 12:17 Aktualisiert von: doda
Kommentar

workaround: use connect comand in two steps.

; launch Tera Term
connect '/DS'

; connect to server
connect 'server:port /auth=password /passwd="password"'

Dateianhangliste

Keine Anhänge

Bearbeiten

You are not logged in. I you are not logged in, your comment will be treated as an anonymous post. » Anmelden