GitHub_MVULNRICHMENT:CVE-2024-39917CVE-2024-39917 xrdp allows an ininite number of login attempts
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
EPSS
Percentile
39.7%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter MaxLoginRetry in /etc/xrdp/sesman.ini. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:*"
],
"vendor": "neutrinolabs",
"product": "xrdp",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "0.10.0"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
EPSS
Percentile
39.7%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial