In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.
References
Link | Resource |
---|---|
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811 | Patch Vendor Advisory |
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811 | Patch Vendor Advisory |
Configurations
History
21 Nov 2024, 06:13
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811 - Patch, Vendor Advisory |
08 Jul 2021, 18:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:alpinelinux:aports:*:*:*:*:*:alpine:*:* | |
CWE | CWE-312 | |
References | (MISC) https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811 - Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 5.9 |
05 Jul 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-05 23:15
Updated : 2024-11-21 06:13
NVD link : CVE-2021-36158
Mitre link : CVE-2021-36158
CVE.ORG link : CVE-2021-36158
JSON object : View
Products Affected
alpinelinux
- aports
CWE
CWE-312
Cleartext Storage of Sensitive Information