CVE-2024-39917 in xrdp
Zusammenfassung
von MITRE • 12.07.2024
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.