Dear all,
I started to test configuration/customization of TCP/UDP Service in PAM (tested in 3.2.5 and 3.3.1).
During my test I notice a possible security leak and I would like to know if there is something that is not correct in my customization and that allow this security problem.
I tried, for example, to configure PUTTY as service TCP/UDP:
with the following Client Application string:
"C:\Program Files\PuTTY\putty.exe" -ssh capam@<Local IP> <First Port> -pw <password> -l <username>
and tried also
"C:\Program Files\PuTTY\putty.exe" -ssh <username>@<Local IP> <First Port> -pw <password>
The connection works without problem, but if I checked the task manager, I can see the
plain text string
I can see this behavior with different 3rd party tool.
Is it a limitation due 3rd party tool behavior? And if so, why the username is not in plain text but the password is?
Or there is something that I miss during the configuration that I never notice before?
Thanks for your support.
Regards,
Andrea Gimmelli