FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.
References
Configurations
History
17 Nov 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
16 Nov 2022, 19:56
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202210-24 - Third Party Advisory |
31 Oct 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Oct 2022, 19:56
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Fedoraproject fedora |
|
CPE | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZWR6KSIKXO4B2TXBB3WH6YTNYHN46OY/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOYKBQOHSRM7JQYUIYUWFOXI2JZ2J5RD/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AELSWWBAM2YONRPGLWVDY6UNTLJERJYL/ - Mailing List, Third Party Advisory |
11 May 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 May 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 May 2022, 13:51
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 9.8 |
CPE | cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:* | |
First Time |
Freerdp
Freerdp freerdp |
|
References | (MISC) https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc - Patch, Third Party Advisory | |
References | (MISC) https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0 - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf - Patch, Third Party Advisory | |
CWE | CWE-287 |
26 Apr 2022, 17:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-26 16:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-24883
Mitre link : CVE-2022-24883
CVE.ORG link : CVE-2022-24883
JSON object : View
Products Affected
fedoraproject
- fedora
freerdp
- freerdp
CWE
CWE-287
Improper Authentication