From 54544dd2aa26b9c4a1bbba2d14563d2790d816c9 Mon Sep 17 00:00:00 2001 From: Robert Rostek Date: Tue, 3 Oct 2023 10:52:41 +0200 Subject: [PATCH 1/3] use pwfile instead of pw for puttyng --- mRemoteNG/Connection/Protocol/PuttyBase.cs | 28 +++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/mRemoteNG/Connection/Protocol/PuttyBase.cs b/mRemoteNG/Connection/Protocol/PuttyBase.cs index 302243ef..fad2b60c 100644 --- a/mRemoteNG/Connection/Protocol/PuttyBase.cs +++ b/mRemoteNG/Connection/Protocol/PuttyBase.cs @@ -13,6 +13,9 @@ using mRemoteNG.Properties; using mRemoteNG.Resources.Language; using System.IO; using System.Runtime.Versioning; +using System.IO.Pipes; +using Google.Protobuf.WellKnownTypes; +using System.Linq; // ReSharper disable ArrangeAccessorOwnerBody @@ -57,6 +60,19 @@ namespace mRemoteNG.Connection.Protocol return !PuttyProcess.HasExited; } + public void CreatePipe(object oData) + { + string data = (string)oData; + string random = data[..8]; + string password = data[8..]; + var server = new NamedPipeServerStream($"mRemoteNGSecretPipe{random}"); + server.WaitForConnection(); + StreamWriter writer = new(server); + writer.Write(password); + writer.Flush(); + server.Dispose(); + } + public override bool Connect() { string optionalTemporaryPrivateKeyPath = ""; // path to ppk file instead of password. only temporary (extracted from credential vault). @@ -74,7 +90,7 @@ namespace mRemoteNG.Connection.Protocol } }; - var arguments = new CommandLineArguments {EscapeForShell = false}; + var arguments = new CommandLineArguments { EscapeForShell = false }; arguments.Add("-load", InterfaceControl.Info.PuttySession); @@ -140,7 +156,7 @@ namespace mRemoteNG.Connection.Protocol break; } } - + if (string.IsNullOrEmpty(password) && !string.IsNullOrEmpty(optionalTemporaryPrivateKeyPath)) { 
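Review bot: In `CreatePipe`, `new NamedPipeServerStream($"mRemoteNGSecretPipe{random}")` takes the default direction, instance count and security descriptor, so nothing limits which local account may connect, and `writer.Write(password)` hands the secret to whichever client connects first. Pipe names can be listed, so the 8-character suffix gives no secrecy; the pipe should be restricted to the current user and to a single outbound instance, for example with `PipeOptions.CurrentUserOnly` if the target framework provides it. `WaitForConnection()` has no timeout and neither the stream nor the writer is in a `using`, so a PuTTY launch that fails leaves the thread blocked, and an exception in `Write` skips `Dispose()`. As far as this patch shows, the method is only used as the thread entry point and could be `private`.

```csharp
public void CreatePipe(object oData)
{
    // … unchanged: splitting oData into random and password …
    // Single outbound instance, connectable only by the same user account.
    // NOTE(review): confirm PuTTYNG opens the -pwfile path read-only, otherwise keep PipeDirection.InOut.
    using var server = new NamedPipeServerStream(
        $"mRemoteNGSecretPipe{random}",
        PipeDirection.Out,
        1,
        PipeTransmissionMode.Byte,
        PipeOptions.CurrentUserOnly);
    server.WaitForConnection();
    using StreamWriter writer = new(server);
    writer.Write(password);
    writer.Flush();
}
```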
@@ -162,7 +178,13 @@ namespace mRemoteNG.Connection.Protocol if (!string.IsNullOrEmpty(password)) { - arguments.Add("-pw", password); + string random = string.Join("", Guid.NewGuid().ToString("n").Take(8).Select(o => o)); + // write data to pipe + var thread = new Thread(new ParameterizedThreadStart(CreatePipe)); + thread.Start($"{random}{password}"); + // start putty with piped password + arguments.Add("-pwfile", $"\\\\.\\PIPE\\mRemoteNGSecretPipe{random}"); + //arguments.Add("-pw", password); } } From 13f8f82537f0d663f4bd1de97b065673fea1a908 Mon Sep 17 00:00:00 2001 From: Robert Rostek Date: Tue, 3 Oct 2023 10:53:34 +0200 Subject: [PATCH 2/3] update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5fcf6302..7caf5921 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - #2261: Implement Show/Hide file menu in view menu - #2244: Save RCG and RestrictedAdmin fields correctly in connections file - #2195: Fix crafted XML File Code Execution vulnerability +- #304: use pwfile instead of cleartext password for puttyng ### Added - #2285: Support extraction of SSH private keys from external cred prov From ec3a0cee9bcb6a10ac63c1a7c31b41483e6d46e0 Mon Sep 17 00:00:00 2001 From: Robert Rostek Date: Tue, 3 Oct 2023 10:55:27 +0200 Subject: [PATCH 3/3] remove unnecessary usings --- mRemoteNG/Connection/Protocol/PuttyBase.cs | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/mRemoteNG/Connection/Protocol/PuttyBase.cs b/mRemoteNG/Connection/Protocol/PuttyBase.cs index fad2b60c..cb139161 100644 --- a/mRemoteNG/Connection/Protocol/PuttyBase.cs +++ b/mRemoteNG/Connection/Protocol/PuttyBase.cs @@ -1,5 +1,6 @@ using mRemoteNG.App; using mRemoteNG.Messages; +using mRemoteNG.Resources.Language; using mRemoteNG.Security.SymmetricEncryption; using mRemoteNG.Tools; using mRemoteNG.Tools.Cmdline; 
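Review bot: The pipe is only created on the worker thread after `thread.Start(...)` returns, so nothing in this hunk guarantees that `\\.\PIPE\mRemoteNGSecretPipe{random}` exists, or was created by this process, before PuTTY is told to read it. Creating the `NamedPipeServerStream` on the calling thread before `arguments.Add("-pwfile", ...)` and passing only the stream to the worker would close that gap, and would avoid packing the password into the `$"{random}{password}"` string. The worker is a foreground thread that is never joined or cancelled, so it should at least be marked `thread.IsBackground = true;` so that a failed launch cannot keep the application alive. The suffix keeps only 32 bits of the GUID through a redundant `Take(8).Select(o => o)`, where `Guid.NewGuid().ToString("n")` could be used whole, and the commented-out `//arguments.Add("-pw", password);` should be deleted rather than kept. `Connect()` begins and ends outside this hunk, so where the process is actually started is not visible here.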
@@ -7,15 +8,12 @@ using mRemoteNG.UI; using System; using System.Diagnostics; using System.Drawing; +using System.IO; +using System.IO.Pipes; +using System.Linq; +using System.Runtime.Versioning; using System.Threading; using System.Windows.Forms; -using mRemoteNG.Properties; -using mRemoteNG.Resources.Language; -using System.IO; -using System.Runtime.Versioning; -using System.IO.Pipes; -using Google.Protobuf.WellKnownTypes; -using System.Linq; // ReSharper disable ArrangeAccessorOwnerBody