cvedb.io
CVE-2024-39917
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2024-07-12T16:15:04.620 · Last modified 2026-06-17T07:43:01.293

Summary

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.

Affected products

neutrinolabs — xrdp

Does this affect you?

Add your gear to cvedb and we'll alert you only when neutrinolabs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.