Описание
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.
Ссылки
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
9.1 Critical
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...
Уязвимость реализации протокола NTLM RDP-клиента FreeRDP, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
9.1 Critical
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2