xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The maximum number of login attempts is supposed to be limited by the `MaxLoginRetry` configuration parameter in `/etc/xrdp/sesman.ini`. However, this mechanism did not work effectively, so xrdp allows an infinite number of login attempts.
History
21 Nov 2024, 09:28
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.2 |
References | () https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f - Patch | |
References | () https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j - Vendor Advisory |
05 Sep 2024, 15:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f - Patch | |
References | () https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j - Vendor Advisory | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 9.8 |
Summary | | |
First Time | Neutrinolabs, Neutrinolabs xrdp | |
CPE | cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:* |
12 Jul 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-12 16:15
Updated : 2024-11-21 09:28
NVD link : CVE-2024-39917
Mitre link : CVE-2024-39917
CVE.ORG link : CVE-2024-39917
Products Affected
neutrinolabs
- xrdp
CWE
CWE-307
Improper Restriction of Excessive Authentication Attempts