In the last post, we looked at the risks of local port forwarding and how it’s difficult to prevent malicious users from connecting to other user’s TCP tunnels in a multi-user environment. Before version 2.7, the TCP tunnels created by IAP Desktop were as prone to being hijacked by other users as tunnels created by SSH or gcloud compute start-iap-tunnel. But as of version 2.7, attempting to connect to any of IAP Desktop’s tunnels by using mstsc or any other program fails and causes a wa...
