Amazon has pinpointed a concern in its WorkSpaces Windows Client versions 5.9.0 and 5.10.0 where connection debug logs were unintentionally stored on the user’s device. If a username or password contained a backslash () or double quotes (“), they might be logged. The issue is fixed in versions 5.11.0 and 5.12.0, with the latter also erasing prior problematic logs and offering enhanced features. We advise updating to version 5.12.0 for its benefits.
AWS has actively reached out to affected users and informed a limited number about potential password changes.
For further inquiries, contact Amazon Security at aws-security@amazon.com.