FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.
References
Link | Resource |
---|---|
https://github.com/FreeRDP/FreeRDP/pull/7750 | Patch Third Party Advisory |
https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0 | Release Notes Third Party Advisory |
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh | Third Party Advisory |
https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95 | Exploit Issue Tracking Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AELSWWBAM2YONRPGLWVDY6UNTLJERJYL/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOYKBQOHSRM7JQYUIYUWFOXI2JZ2J5RD/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWR6KSIKXO4B2TXBB3WH6YTNYHN46OY/ | |
https://security.gentoo.org/glsa/202210-24 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
23 Jun 2023, 19:32
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
16 Nov 2022, 19:54
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202210-24 - Third Party Advisory |
31 Oct 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Oct 2022, 19:50
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Fedoraproject extra Packages For Enterprise Linux Fedoraproject fedora |
|
CPE | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZWR6KSIKXO4B2TXBB3WH6YTNYHN46OY/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOYKBQOHSRM7JQYUIYUWFOXI2JZ2J5RD/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AELSWWBAM2YONRPGLWVDY6UNTLJERJYL/ - Mailing List, Third Party Advisory |
11 May 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 May 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 May 2022, 13:46
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0 - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh - Third Party Advisory | |
References | (MISC) https://github.com/FreeRDP/FreeRDP/pull/7750 - Patch, Third Party Advisory | |
References | (MISC) https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95 - Exploit, Issue Tracking, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:* | |
CWE | CWE-287 | |
First Time |
Freerdp
Freerdp freerdp |
26 Apr 2022, 17:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-26 16:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-24882
Mitre link : CVE-2022-24882
CVE.ORG link : CVE-2022-24882
JSON object : View
Products Affected
fedoraproject
- extra_packages_for_enterprise_linux
- fedora
freerdp
- freerdp
CWE