icon

We found results for “

CVE-2024-39917

Date: July 12, 2024

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter "MaxLoginRetry" in "/etc/xrdp/sesman.ini". However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.

Language: C

Severity Score

Severity Score

Weakness Type (CWE)

Improper Restriction of Excessive Authentication Attempts

CWE-307

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): LOW

Do you need more information?

Contact Us