Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary login credentials or to hijack existing sessions for xorgxrdp sessions. For the stable distribution (buster), this problem has been fixed in version 0.9.9-1+deb10u1. We recommend that you upgrade your xrdp packages. For the detailed security status of xrdp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xrdp
Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary login credentials or to hijack existing sessions for xorgxrdp sessions.
For the stable distribution (buster), this problem has been fixed in version 0.9.9-1+deb10u1.
We recommend that you upgrade your xrdp packages.
For the detailed security status of xrdp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xrdp
Vulmon