7 matches found
CVE-2026-32105
A flaw was found in xrdp, an open-source Remote Desktop Protocol RDP server. When using the "Classic RDP Security" layer, xrdp fails to verify the Message Authentication Code MAC signature of encrypted RDP packets. This oversight allows an unauthenticated attacker with man-in-the-middle MITM...
CVE-2026-32105 xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode
xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...
CVE-2026-32105
This CVE concerns xrdp, an open source RDP server. In versions up to 0.10.5, xrdp does not verify the MAC (8-byte integrity signature) of RDP packets when using the Classic RDP Security layer. The receiver’s logic fails to validate the MAC, allowing an unauthenticated attacker with MITM capabilit...
CVE-2026-32105 xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode
xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...
CVE-2020-13803
An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures...
CVE-2017-3156
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks...
Polycom HDX < 3.1.1.2 Multiple Vulnerabilities
According to its self-reported version number, the firmware installed on the remote host is affected by multiple vulnerabilities : - A command shell authorization bypass vulnerability exists that could be used by a malicious user to gain unauthorized access to the system, which could result in...