Walid MOGHRABI
2018-05-09 14:00:43 UTC
package: x2goclient
version: 4.1.2.0-0~1750~ubuntu16.04.1
priority: bug
In broker/tce mode, when I connect a new session on TCE-CLIENT-1, if I live migrate the running session on TCE-CLIENT-2, the session is detached from client 1 to client 2 correctly (suspended on client 1 and correctly resumed on client 2) but x2goclient doesn't close itself on client 1 once session is detached.
The client stays opened on the sessions profiles list with the currently logged in user instead of closing itself and getting back to the broker login prompt.
This is a major security issue since anyone can then just click on a session profile to connect with the current user credentials.
Regards,
Walid Moghrabi
TRAVAUX.COM
BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403
13591 AIX EN PROVENCE CEDEX 3
---
DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you
version: 4.1.2.0-0~1750~ubuntu16.04.1
priority: bug
In broker/tce mode, when I connect a new session on TCE-CLIENT-1, if I live migrate the running session on TCE-CLIENT-2, the session is detached from client 1 to client 2 correctly (suspended on client 1 and correctly resumed on client 2) but x2goclient doesn't close itself on client 1 once session is detached.
The client stays opened on the sessions profiles list with the currently logged in user instead of closing itself and getting back to the broker login prompt.
This is a major security issue since anyone can then just click on a session profile to connect with the current user credentials.
Regards,
Walid Moghrabi
TRAVAUX.COM
BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403
13591 AIX EN PROVENCE CEDEX 3
---
DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you