CVE-2023-40184
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-40184 affects xrdp, the open source Remote Desktop Protocol server, in versions before 0.9.23. The flaw is improper handling of session-establishment errors, which lets a user bypass OS-level session restrictions. Specifically, `auth_start_session` returns a non-zero value when PAM reports an error while opening the session, but that failure was not treated as fatal, so the session was still started and restrictions enforced through PAM, such as the per-user limits in /etc/security/limits.conf, could be circumvented. Installations that do not use PAM-enforced restrictions are not affected. The fix is to upgrade to xrdp 0.9.23; there are no known workarounds.
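The two facts that decide whether this advisory matters on a given host are the installed xrdp version and whether the PAM stack used by xrdp-sesman actually loads pam_limits (the module that enforces /etc/security/limits.conf). The script below is an added example, not code from the advisory or from the xrdp project, that checks both. It assumes that `xrdp --version` prints a line of the form `xrdp <version>`, that the PAM service file is /etc/pam.d/xrdp-sesman (the Debian/Ubuntu name), and the function names are the example's own; the sample inputs are constructed so it runs offline.

```shell
#!/bin/sh
# Added example (not from the advisory or the xrdp project).
# Check 1: is the installed xrdp older than 0.9.23, the fixed release?
# Check 2: does the PAM stack for xrdp-sesman load pam_limits.so, i.e. are
#          limits.conf restrictions (maxlogins etc.) in play at all?
# Assumptions: `xrdp --version` prints "xrdp <version>" on its first line and
# the PAM service file lives at /etc/pam.d/xrdp-sesman.

# Print the first dotted version number found on stdin.
xrdp_version_from_output() {
    grep -o -E '[0-9]+\.[0-9]+(\.[0-9]+)*' | head -n 1
}

# Return 0 (true) when version $1 is strictly older than 0.9.23,
# 1 when it is 0.9.23 or newer, 2 when it cannot be parsed.
# Packager suffixes such as "0.9.21-1ubuntu1" are ignored.
xrdp_version_affected() {
    v=${1%%[-+~]*}
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0      # "0.9" is treated as 0.9.0
    patch=${patch%%.*}                     # "23.1" is treated as 23
    case "$major$minor$patch" in
        *[!0-9]*|'') return 2 ;;           # not a numeric version
    esac
    key=$((major * 1000000 + minor * 1000 + patch))
    [ "$key" -lt 9023 ]                    # 9023 encodes 0.9.23
}

# Return 0 when PAM service file $1 has an active (non-comment) line that
# loads pam_limits.so; only such hosts see the limits.conf bypass.
pam_stack_uses_limits() {
    grep -q -E '^[[:space:]]*[^#[:space:]].*pam_limits\.so' "$1"
}

# Constructed sample inputs so the checks run offline. On a real host use:
#   xrdp --version 2>&1 | xrdp_version_from_output
#   pam_stack_uses_limits /etc/pam.d/xrdp-sesman
SAMPLE_VERSION_OUTPUT='xrdp 0.9.21
  A Remote Desktop Protocol Server.'
SAMPLE_PAM=$(mktemp)
cat >"$SAMPLE_PAM" <<'EOF'
#%PAM-1.0
auth     include   common-auth
account  include   common-account
session  required  pam_limits.so
session  include   common-session
EOF

ver=$(printf '%s\n' "$SAMPLE_VERSION_OUTPUT" | xrdp_version_from_output)
if xrdp_version_affected "$ver"; then rc=0; else rc=$?; fi
case $rc in
    0)
        if pam_stack_uses_limits "$SAMPLE_PAM"; then
            echo "xrdp $ver: affected (pre-0.9.23 and pam_limits is active); upgrade to 0.9.23"
        else
            echo "xrdp $ver: pre-0.9.23 but pam_limits is not loaded; bypass not applicable, still upgrade"
        fi ;;
    1) echo "xrdp $ver: fixed release" ;;
    *) echo "could not parse xrdp version '$ver'" ;;
esac
rm -f "$SAMPLE_PAM"
```

The version comparison is numeric on (major, minor, patch) rather than a string compare, so 0.10.x is correctly treated as newer than 0.9.23. The PAM check deliberately ignores commented-out lines; a `#session required pam_limits.so` entry does not enforce anything.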
Affected Products
- Neutrinolabs Xrdp