Описание
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| xrdp | fixed | 0.10.1-1 | package | |
| xrdp | no-dsa | bookworm | package |
Примечания
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j
https://github.com/neutrinolabs/xrdp/commit/8ac2f6db34649a93d3c9c4fe8fda61203702e615 (devel)
https://github.com/neutrinolabs/xrdp/commit/61b509f1d5d9b85128504c7b752e6e36d7b60b15 (v0.10.1)
While claimed in GHSA-7w22-h4w7-8j5j that issue is fixed in 0.10.0 the referenced
commit is not included in 0.10.0.
EPSS
Связанные уязвимости
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.
EPSS