Mremoteng: Passwords Exported in ClearText (.csv)

Created on 24 Aug 2018  路  3Comments  路  Source: mRemoteNG/mRemoteNG

When exporting connections using the .csv, the password is displayed in clear text. The doesn't occur when exporting to .xml.

To reproduce on Windows 10 build (1803):

  1. Select File, Export to File.
  2. Select the file format for .csv.
  3. Export and open file.
picture PCNerd2001

All 3 comments

There is really no way for us to export and then re-import encrypted text using csv format in a nice way. We need to provide a number of details in the .xml format to tell mRemoteNG how to decrypt it. If we do the same in csv format, we need to include that data in every row of the csv. If we provide the encrypted value but no indication of how it was encrypted, then it will be essentially impossible to decrypt it. Why provide the value at all, at that point?

Maybe we should provide a large warning when exporting CSV with the Password field selected? That way it is very obvious that unsecure stuff is about to happen. Maybe even unselect the Password field by default so it doesn't accidentally get included?

sparerd picture sparerd on 24 Aug 2018
👍1

For that matter, the external tools window should provide a similar warning when tools include the %Password% variable. It would be good practice for us to warn users about these clear text password situations.

sparerd picture sparerd on 24 Aug 2018
👍1

Thanks for the response! I appreciate your hard work and a great product.

PCNerd2001 picture PCNerd2001 on 24 Aug 2018
😄1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

iron51 picture iron51  路  3Comments
pfjason picture pfjason  路  4Comments
nerddtvg picture nerddtvg  路  3Comments
mattbob-brock picture mattbob-brock  路  3Comments
senseof94 picture senseof94  路  4Comments