VDB
CVE-2024-39917
CVE-2024-39917
PUBLISHED
CVSS 7.199999809265137 HIGH
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.
EPSS 0.16% · 36.3th percentile
Risk Scores
CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
EPSS Score
0.16%
36.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| neutrinolabs | xrdp | <= 0.10.0, 0 |
| neutrinolabs | xrdp | 0 |
Timeline
- Jan 21, 1970 Security Advisory
- Jul 12, 2024 CVE Published
- Jul 13, 2024 EPSS Score
- Aug 4, 2024 EPSS Score
- Aug 26, 2024 EPSS Score
- Sep 17, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 30, 2024 EPSS Score
- Nov 21, 2024 EPSS Score
- Dec 14, 2024 EPSS Score
- Jan 5, 2025 EPSS Score
- Jan 27, 2025 EPSS Score