Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.
Release | Status | Note |
---|---|---|
bionic | ignored | end of standard support, was needs-triage |
esm-apps/bionic | needs-triage | |
esm-infra/xenial | needs-triage | |
upstream | needs-triage | |
Release | Status | Note |
---|---|---|
bionic | released | 2.2.0+dfsg1-0ubuntu0.18.04.3 |
devel | not-affected | 2.7.0+dfsg1-1 |
esm-apps/noble | not-affected | 2.7.0+dfsg1-1 |
esm-infra/bionic | not-affected | 2.2.0+dfsg1-0ubuntu0.18.04.3 |
esm-infra/focal | not-affected | 2.2.0+dfsg1-0ubuntu0.20.04.3 |
focal | released | 2.2.0+dfsg1-0ubuntu0.20.04.3 |
impish | released | 2.3.0+dfsg1-2ubuntu0.2 |
jammy | released | 2.6.1+dfsg1-3ubuntu2.1 |
kinetic | not-affected | 2.7.0+dfsg1-1 |
lunar | not-affected | 2.7.0+dfsg1-1 |
EPSS
CVSS2: 6.8 Medium
CVSS3: 7.4 High
Related vulnerabilities
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...
A vulnerability in the FreeRDP RDP server related to flaws in the authentication procedure, allowing an attacker to bypass the authentication process