Issue and security bug with "connect user" feature (Ubuntu 22.04 Mate and lightdm)
-
Hi,
I'm testing Veyon 4.8.2 before upgrading my rooms on Ubuntu Mate 22.04 (lightdm), and I met an issue which is actually a big security bug, I think.
Description:
Trying to connect to a computer with the "connect user" feature: it doesn't work. I took a look at the client computer to which I wanted to connect, and surprise:
On the lightdm login screen, I can see it is waiting for a password, and the name of the user (clearly readable in the interface) is... the password of the user!!!

Explanation (guessed)
I think it's due to the sequence used to send the login to the login manager: login + <Tab> + password + <Return>. In lightdm, this should be login + <Return> + password + <Return>

Workaround (existing, but...)
In the master interface, if you select the advanced mode view, you get a "linux" chapter, in which you can modify this sequence and make it work.
But: I couldn't find where this config is stored to be able to configure veyon-cli.
If I change this value in veyon-master, the value is still the same after log off and restart of veyon-master, but there is no difference between conf files exported before and after this change. Nothing more in .veyon user's files

Conclusion:
First, the simple part: Where is this option (linux -> sequence of keys for login) stored? And could it be available in veyon-cli?
Then, the tricky part (maybe)
I think it's really a bug that login credentials can be visible on the lightdm screen (students in the classroom can see that). Systems in my classrooms are not all the same, some with gdm, others with lightdm... I can be 100% sure, I won't never make a mistake between configurations. I have disabled this feature in my rooms, and I don't think I will enable it back, as long as login operations appear on the lightdm login screen.
Not really important for me, teachers don't need it.
But, for those who need it: be careful.
For developers: I think this fact (login operations visible in the lightdm login screen) should be notified in the documentation, as a security warning, as long as it is present, no?

One more time: thanks to the Veyon devs for their work
Regards
E.T.