CVE-2013-1430: Xrdp vulnerability

CWE-255 | 13 documents | 7 sources

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.3% (top 42.54%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Dec 16
Latest update: May 13

Description

An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

Debian | neutrinolabs/xrdp | < 0.9.1~2016121126+git5171fa7-1+3

Also affects: Debian Linux 7.0, 8.0

Patches

🔴 Vulnerability Details (3)

GHSA | GHSA-26xv-5c8j-w237: An issue was discovered in xrdp before 0 | 2022-05-13
CVEList | CVE-2013-1430: An issue was discovered in xrdp before 0 | 2016-12-16
OSV | CVE-2013-1430: An issue was discovered in xrdp before 0 | 2016-12-16

📋 Vendor Advisories (5)

Red Hat | flash-plugin: multiple code execution flaws (APSB13-21) | 2013-09-10
Red Hat | flash-plugin: multiple code execution flaws (APSB13-21) | 2013-09-10
Red Hat | flash-plugin: multiple code execution flaws (APSB13-21) | 2013-09-10
Red Hat | flash-plugin: multiple code execution flaws (APSB13-21) | 2013-09-10
Debian | CVE-2013-1430: xrdp - An issue was discovered in xrdp before 0.9.1. When successfully logging in using... | 2013

💬 Community (4)

Bugzilla | CVE-2013-1430 xrdp: Cleartext password shown in file after logging into xrdp session [epel-all] | 2016-12-15
Bugzilla | CVE-2013-1430 xrdp: Cleartext password shown in file after logging into xrdp session | 2016-12-15
Bugzilla | CVE-2013-1430 xrdp: Cleartext password shown in file after logging into xrdp session [fedora-all] | 2016-12-15
Bugzilla | CVE-2013-2186 Apache commons-fileupload: Arbitrary file upload via deserialization | 2013-06-16
CVE-2013-1430 — Neutrinolabs Xrdp vulnerability | cvebase