CVE-2022-24883
Published 2022-04-26
Priority P262
CVSS 3.1: 9.8 critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 2.19% (80.2th percentile)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.
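The failure mode behind this CVE is an unopenable SAM file being treated as anything other than a refused logon. The following C snippet is an added illustration, not FreeRDP's code: a minimal SAM lookup that fails closed, returning a distinct configuration-error result when the file cannot be opened and success only on a verified line match. It assumes the colon-separated `user:domain:lmhash:nthash:::` line layout and case-insensitive comparison of names and hex digests; the file contents are constructed placeholders.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* An unreadable SAM file is a configuration error and must never be
 * reported as AUTH_OK; callers refuse the logon on anything but AUTH_OK. */
enum sam_result { AUTH_DENIED = 0, AUTH_OK = 1, AUTH_CONFIG_ERROR = -1 };
/* One SAM line "user:domain:lmhash:nthash:::" (assumed layout). The LM
 * field is skipped; names and hex digests compare case-insensitively. */
static int sam_line_matches(const char *line, const char *user,
                            const char *domain, const char *nthash)
{
    const char *want[4] = { user, domain, NULL, nthash };
    for (int i = 0; i < 4; i++) {
        const char *end = strchr(line, ':');
        if (!end) return 0;                 /* malformed line: never a match */
        size_t len = (size_t)(end - line);
        if (want[i] && (strlen(want[i]) != len ||
                        strncasecmp(line, want[i], len) != 0)) return 0;
        line = end + 1;
    }
    return 1;
}

/* Look user@domain up in the SAM file at sam_path and compare the NT hash. */
enum sam_result sam_authenticate(const char *sam_path, const char *user,
                                 const char *domain, const char *nthash)
{
    char line[512];
    enum sam_result result = AUTH_DENIED;   /* default is denial, not success */
    FILE *fp = fopen(sam_path, "r");
    if (!fp) return AUTH_CONFIG_ERROR;      /* bad path or no handles: fail closed */
    while (fgets(line, sizeof line, fp)) {
        line[strcspn(line, "\r\n")] = '\0';
        if (line[0] == '#' || line[0] == '\0') continue;   /* comment or blank */
        if (sam_line_matches(line, user, domain, nthash)) { result = AUTH_OK; break; }
    }
    fclose(fp);
    return result;
}

/* Constructed two-user SAM file (placeholder hex, not real credentials). */
int write_sample_sam(const char *path)
{
    FILE *fp = fopen(path, "w");
    if (!fp) return 0;
    fputs("# constructed sample\n", fp);
    fputs("alice::0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::\n", fp);
    fputs("bob:corp::00112233445566778899aabbccddeeff:::\n", fp);
    return fclose(fp) == 0;
}
```

A server wrapper that maps `AUTH_CONFIG_ERROR` to a logged refusal, rather than to the success path, is what keeps a mistyped SAM path from becoming an authentication bypass.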
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | freerdp2 | < freerdp2 2.7.0+dfsg1-1 (bookworm) | freerdp2 2.7.0+dfsg1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| freerdp | freerdp | < 2.7.0 | 2.7.0 |
Detection & IOCs (extracted from sources)
- The vulnerability allows a remote attacker to bypass server authentication when the server has an invalid SAM file path configured — monitor for successful RDP authentications with invalid/unexpected credentials against FreeRDP-based servers.
- Detection should focus on FreeRDP server instances running versions prior to 2.7.0 (upstream) or prior to 2.3.0+dfsg1-2+deb11u2 (Debian bullseye) / 2.7.0+dfsg1-1 (Debian bookworm).
- The vulnerability is only triggerable when the FreeRDP server is configured with an invalid SAM file path — a valid, accessible SAM database path mitigates the issue.
- As a workaround (if patching is not immediately possible), use custom authentication via HashCallback and/or ensure the SAM database path is valid and the application has file handles available.
- RHEL 6/7/8/9 are not affected because server support is completely disabled in RHEL builds of FreeRDP.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.1 | CRITICAL | — |
| vendor_debian | — | 7.4 | HIGH | — |
| vendor_redhat | — | 7.4 | HIGH | — |
Ubuntu
FreeRDP vulnerabilities
vendor_ubuntu · 2022-06-06 · CVSS 9.1 · CVE-2022-24883 [CRITICAL]
Summary: FreeRDP could allow unintended access to network services.
It was discovered that FreeRDP incorrectly handled empty password values. A remote attacker could use this issue to bypass server authentication. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-24882)
It was discovered that FreeRDP incorrectly handled server configurations with an invalid SAM file path. A remote attacker could use this issue to bypass server authentication. (CVE-2022-24883)
Instructions: After a standard system update you need to reboot your computer to make all the necessary changes.
Red Hat
freerdp: Server Side Auth Against a SAM File May Succeed for Invalid Creds
vendor_redhat · 2022-04-22 · CVSS 7.4 · CVE-2022-24883 [HIGH] · CWE-287
A vulnerability was found in freerdp. This flaw occurs when the server-side authentication against a `SAM` file might be successful for inv
Debian
CVE-2022-24883: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to ...
vendor_debian · 2022 · CVSS 7.4 · CVE-2022-24883 [HIGH]
Scope: local
bookworm: resolved (fixed in 2.7.0+dfsg1-1)
bullseye: resolved (fixed in 2.3.0+dfsg1-2+deb11u2)
OSV
freerdp2 vulnerabilities
osv · 2022-06-06 · CVSS 7.5 · CVE-2022-24882 [HIGH]
OSV
CVE-2022-24883: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP)
osv · 2022-04-26 · CVSS 9.8 · CVE-2022-24883 [CRITICAL]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc
- https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144
- https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf
- https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html
- https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AELSWWBAM2YONRPGLWVDY6UNTLJERJYL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOYKBQOHSRM7JQYUIYUWFOXI2JZ2J5RD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWR6KSIKXO4B2TXBB3WH6YTNYHN46OY/
- https://security.gentoo.org/glsa/202210-24