Описание
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 0.9.1~2016121126+git5171fa7-1 |
| cosmic | not-affected | 0.9.1~2016121126+git5171fa7-1 |
| devel | not-affected | 0.9.1~2016121126+git5171fa7-1 |
| esm-apps/bionic | not-affected | 0.9.1~2016121126+git5171fa7-1 |
| esm-apps/xenial | released | 0.6.1-2ubuntu0.1 |
| esm-infra-legacy/trusty | not-affected | 0.6.0-1ubuntu0.1 |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
| trusty | released | 0.6.0-1ubuntu0.1 |
Показывать по
5 Medium
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.
An issue was discovered in xrdp before 0.9.1. When successfully loggin ...
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.
5 Medium
CVSS2
9.8 Critical
CVSS3