Thursday, April 13, 2017

windows - Remote Desktop Clipboard Sharing - Security Risk?



If I connect to a server with RDP and share my clipboard with the server, are there any security risks of my clipboard being availble to other people logging onto the same server?



e.g.




  1. I have a password saved in my local clipboard


  2. I connect to the server "example.com" using Remote Desktop, username "administrator".

  3. My local password is now available to paste into the remote desktop session.

  4. I close the RD window without logging off.

  5. Another user logs on via RDP without clipboard sharing enabled or on the actual machine itself as "administrator".

  6. Under normal conditions is my password available for the other user to paste?



My above question is assuming there is nothing installed on the server that will grab clipboard entries and save them, except for what is supplied with Windows as standard. I realise that if I connected to an untrusted or compromised server with clipboard sharing enabled all bets are off. I am asking whether Windows has the built in mechanism to clear the shared clipboard upon disconnection.


Answer



I just tried it using the regular RDP client to a Windows Server guest. With clipboard off, it is "cleared" when a user connects to the guest. With clipboard sharing enabled on connection, it uses the contents of the connecting user's clipboard.




So, there is no security risk in allowing shared clipboards.


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...