CVE-2024-39917

Опубликовано: 12 июл. 2024

Источник: nvd

CVSS3: 7.2

CVSS3: 9.8

EPSS Низкий

Описание

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter MaxLoginRetry in /etc/xrdp/sesman.ini. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:*

Версия до 0.10.0 (исключая)

EPSS

Процентиль: 57%

0.00353

Низкий

7.2 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-307

Связанные уязвимости

CVE-2024-39917

CVSS3: 7.2

ubuntu

12 месяцев назад

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.

CVE-2024-39917

CVSS3: 7.2

debian

12 месяцев назад

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have ...

SUSE-SU-2025:0350-1

suse-cvrf

5 месяцев назад

Security update for xrdp

SUSE-SU-2025:0336-1

suse-cvrf

5 месяцев назад

Security update for xrdp

SUSE-SU-2025:0335-1

suse-cvrf

5 месяцев назад

Security update for xrdp

EPSS

Процентиль: 57%

0.00353

Низкий

7.2 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-307