Description |
A security issue has been found in Barrier before version 2.4.0. Knowing a valid client name allows information leaks and server manipulation. By default, newly added clients in the barrier GUI application on the server side get assigned the name "Unnamed". When an attacker knows a valid client name then it can specify this name in its Hello message and will be able to enter a fully active session state. In this state the client can receive input device events from the server, claim the clipboard or even inject arbitrary new clipboard content on the server. |