CVE-2013-1430

An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.

Published: Dec 16, 2016
Updated: Apr 13, 2023
CVE: CVE-2013-1430
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
neutrinolabs / xrdp	-	0.8.0.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x

http://www.securityfocus.com/bid/94958
https://github.com/neutrinolabs/xrdp/pull/497
https://security-tracker.debian.org/tracker/CVE-2013-1430

Vulnerability Database

CVE-2013-1430