Security Advisory

CVE-2024-39917

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2024-07-12 15:24:01
Last updated: 2025-11-03 19:30:23
Assigner: GitHub_M
State: PUBLISHED

Description

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The maximum number of login attempts is supposed to be limited by the `MaxLoginRetry` configuration parameter in `/etc/xrdp/sesman.ini`. However, this mechanism did not work effectively. As a result, xrdp allows an infinite number of login attempts.
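An added example (not code from this advisory or from the xrdp project) for auditing a host against the condition described above: it compares a version string with 0.10.0 and reads `MaxLoginRetry` from the text of a sesman.ini file. The function names, the sample file contents and the version strings are constructed for illustration; obtaining the installed version is left to the caller.

```python
import configparser
import re

FIXED_VERSION = (0, 10, 0)  # advisory: versions prior to 0.10.0 are affected

# Constructed sample input, not taken from a real host.
SAMPLE_SESMAN_INI = """\
[Security]
AllowRootLogin=false
MaxLoginRetry=4

[Xorg]
param=-nolisten
param=tcp
"""


def is_affected(version_text):
    """True if the dotted-numeric version is lower than 0.10.0."""
    match = re.match(r"\s*v?(\d+(?:\.\d+)*)", version_text)
    if not match:
        raise ValueError(f"unrecognised version string: {version_text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    # Pad short versions so "0.10" compares equal to "0.10.0".
    parts += (0,) * (len(FIXED_VERSION) - len(parts))
    return parts < FIXED_VERSION


def max_login_retry(ini_text):
    """Return MaxLoginRetry as an int, or None if missing or not a number."""
    # strict=False tolerates repeated keys; interpolation=None keeps '%' literal.
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(ini_text)
    for section in parser.sections():
        value = parser.get(section, "MaxLoginRetry", fallback=None)
        if value is not None:
            return int(value) if value.strip().isdigit() else None
    return None


def assess(version_text, ini_text):
    """Return (status, configured_limit) for one host."""
    limit = max_login_retry(ini_text)
    # On an affected build the configured limit gives no protection.
    status = "AFFECTED" if is_affected(version_text) else "FIXED"
    return status, limit


if __name__ == "__main__":
    print(assess("0.9.25", SAMPLE_SESMAN_INI))  # version string is constructed
```

A host reported as `AFFECTED` needs the upgrade to 0.10.0 or later regardless of the limit configured in sesman.ini, since that limit is the mechanism the advisory describes as not working.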