Описание
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| xrdp | fixed | 0.9.1~2016121126+git5171fa7-1 | package | |
| xrdp | no-dsa | jessie | package | |
| xrdp | no-dsa | wheezy | package |
Примечания
https://github.com/neutrinolabs/xrdp/pull/497
When successfully logging in using RDP into a xrdp session, the file
~/.vnc/sesman_${username}_passwd is created. Its content is the
equivalent of the users clear text password, DES encrypted with a known
key.
EPSS
Связанные уязвимости
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.
EPSS