Details
- Bug
- Status: Closed
- Trivial
- Resolution: Fixed
- 1.4.0, 1.5.0
- None
Description
The following example HTTP request generated by the Guacamole client contains authentication service tokens in URL query parameters, which could be leaked through server log files, the “Referer” header of HTTP requests, etc.
Example: GET /api/session/tunnels/<tunnel ID>/protocol?token=<token>
This has been found in 1.4.0 and 1.5.0.
Issue Links
- relates to: GUACAMOLE-956 Migrate away from including auth token within REST API URLs (Closed)
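
The leak path described in this report, shown from the log-handling side as an added example (not part of the original issue or of the Guacamole code base): a Python filter that finds and redacts `token` query values in the request line and Referer field of access-log lines. The Combined Log Format, the host name and the tunnel ID and token values are assumptions constructed for the example; only the request path and the `token` parameter name come from the report.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter name taken from the example request in the report.
SENSITIVE_PARAMS = {"token"}

# Assumed format: Combined Log Format
#   host ident user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<prefix>\S+ \S+ \S+ \[[^\]]+\] ")(?P<method>[A-Z]+) (?P<target>\S+) '
    r'(?P<proto>[^"]+)(?P<mid>" \d{3} \S+ ")(?P<referer>[^"]*)(?P<suffix>" "[^"]*")$'
)

def redact_url(url):
    """Return (url_with_sensitive_values_replaced, found_flag)."""
    parts = urlsplit(url)
    found = False
    pairs = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_PARAMS:
            found, value = True, "REDACTED"
        pairs.append((key, value))
    if not found:
        return url, False
    return urlunsplit(parts._replace(query=urlencode(pairs))), True

def scrub_line(line):
    """Redact tokens in one log line; return (line, fields that held a token)."""
    m = LOG_RE.match(line)
    if not m:
        return line, []  # unknown format: leave untouched, report nothing
    target, in_target = redact_url(m["target"])
    referer, in_referer = redact_url(m["referer"])
    hits = [n for n, hit in (("request", in_target), ("referer", in_referer)) if hit]
    scrubbed = (f'{m["prefix"]}{m["method"]} {target} {m["proto"]}'
                f'{m["mid"]}{referer}{m["suffix"]}')
    return scrubbed, hits

# Constructed sample lines: token in the request URL, token in a Referer, clean.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /api/session/tunnels/abc123/protocol?token=DEADBEEF HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /logo.png HTTP/1.1" 200 2048 "https://guac.example/api/session/tunnels/abc123/protocol?token=DEADBEEF" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        scrubbed, hits = scrub_line(entry)
        print(hits or "clean", scrubbed)
```

Redacting logs only limits exposure of tokens already written to disk; the linked issue GUACAMOLE-956 tracks moving the token out of REST API URLs.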