CVE-2024-39917: xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have ...

Severity: Critical

CVSS Score: 9.8

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.