ALT-PU-2024-18339-1

Package update xrdp in branch sisyphus

Version0.10.0-alt1

Published2024-05-12

Max severityCRITICAL

Severity:

Closed issues (2)

CRITICAL9.8

Уязвимость механизма аутентификации средства удалённого доступа XRDP, позволяющая нарушителю получить несанкционированный доступ

Published: 2024-12-05Modified: 2025-05-06

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2024-39917

CRITICAL9.8

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.

Published: 2024-07-12Modified: 2025-11-03

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References