DEBIAN-CVE-2022-24882

DEBIAN-CVE-2022-24882 PUBLISHED CVSS 7.5 HIGH

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:12	freerdp2	0, 0, 0
Debian:11	freerdp2	0, 2.3.0+dfsg1, 2.3.0+dfsg1

Timeline

Apr 26, 2022 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2022-24882 advisory

Open in Interactive Console →