Data egress via audio #175
Assignees
Labels
bug
Something isn't working
EPIC - Pen-test fixes
Fixing security issues found during penetration testing
MVP
Things that need to be considered for the MVP release
Comments
TonyWildish-BH
added
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The penetration testing report showed that (page 21):
Narration tools available by default could be used to exfiltrate data from the environment, whereby an attacker could leverage speech to text tools to convert to its original format.
This can be addressed via Guacamole, by setting
disable-audiototruein theguacamole.propertiesfile.It would also be useful to allow the possibility of enabling audio, if needed for accessibility purposes.
This is a medium level risk, but is something we must fix before the next pen-test.
The text was updated successfully, but these errors were encountered: