-
Notifications
You must be signed in to change notification settings - Fork 14.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mstshash is set to the username #10256
Comments
@akallabeth what do you think is the right action here? |
@hedwigz good question. |
@akallabeth how about an opt-out command line argument? |
not sure a commandline is a good idea for such stuff. |
The Client X.224 Connection Request has a field
routingToken
which is optional. FreeRDP sets this value to the username (code). Since this message is sent before the connection is encrypted, it potentially leaks usernames to the network.I tested to see whether mstsc sets this field to the username and I found that it does not
The text was updated successfully, but these errors were encountered: