Security issue: Hyper-V Server password is stored in plain text in wsgate.ini on installing FreeRDP-Webconnect

[surya17]

On installing FreeRDP-Webconnect MSI, [hyperv] section in wsgate.ini conf stores Hyper-V Server password in plain/text which is high security risk. It needs to be encrypted and stored in the file

[alexpilotti]

The security risk applies only if wsgate.ini doesn't have proper restricted permissions, exactly like, e.g. /etc/nova.conf.

Said that, there are two ways to overcome the need for storing the credentials:

1) on Windows, the user running wsgate can authenticate on the hyper-v host using domain or passtrough credentials. In this case there's no need to provide a separate user's credentials in the config file.

2) for future versions, we are thinking about the Win32 credentials API, but in that case a similar primitive must be supported on Linux as well

[surya17]

Regarding your first option, On windows, I see "FreeRDP-Webconnect" is the user running wsgate service. How do i use this "FreeRDP-Webconnect" user to authenticate Hyprer-V server and access instance console?

[yang-juan]

Why can't you connect to a Hyper-v virtual machine after compilation