PCoIP Agent could log part of user's password

Advisory Information

  • Advisory ID: TERA-SA-000073
  • CVE Numbers and Scores:
  • Published: 9 Feb. 2021
  • Last Updated: 9 Feb. 2021
  • Download PDF

Summary

Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs.


Affected Products

  • PCoIP Standard Agent for Windows prior to 20.10.0
  • PCoIP Standard Agent for Linux prior to 21.01.0
  • PCoIP Graphics Agent for Windows prior to 20.10.0
  • PCoIP Graphics Agent for Linux prior to 21.01.0

Solutions and Mitigations

Available Updates

The latest PCoIP Agents for Windows and Linux are available from here.

Vulnerability Details

CVE-2021-25688

Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs.

Remark

Vulnerability classification has been performed using the CVSSv3 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.


Additional Resources

https://docs.teradici.com/find/product/cloud-access-software


Revision History

9 Feb. 2021: Initial Publication


Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TERADICI RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.