CVE-2024-39917

Name
CVE-2024-39917
Description
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j
MISC https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f

Match rules

CPE URI Source package Min version Max version
xrdp >= 0 <= 0.10.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xrdp 3.20-community 0.9.24-r0 Alan Lacerda <alacerda@alpinelinux.org> possibly vulnerable