> > > > Are you experiencing any actual problems using the Guacamole web > application? Are you modifying the code at all, either before or after > building it? > > *I am not facing any problem as such, except for the fact, that i never > got this error in earlier versions. * >
Guacamole has behaved this way for many, many versions, now - this is not new behavior. > *Also, there is an authentication token defect, which our tester logged. > It says that the permission token that gets generated on login, remains > active, even after the user logout. After logout, one can make a new login > request, replace the old permission token in the request, and can view all > the permissions as demonstrated below:* > > I cannot reproduce this issue in my environment. That said, any issues which you believe may have security implications should be privately reported to our security@ mailing list. If you or your test team is able to reliably reproduce this issue, then please report to the security@ list so that we can investigate further. https://guacamole.apache.org/security/ -Nick >
