CVE-2013-1430

Summary

An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.

Affected Software

VendorProductVersion RangeStatus
n/axrdp before 0.9.1xrdp before 0.9.1affected

Weaknesses

  • cleartext password exposure

ADP Enrichment

CVE Program Container

Additional References

References