Server side NTLM does not properly check parameters

Critical
akallabeth published GHSA-6x5p-gp49-3jhh Apr 26, 2022

Package

FreeRDP (C)

Affected versions

<= 2.6.1

Patched versions

2.7.0

Description

Impact

  • FreeRDP-based RDP server implementations are affected; RDP clients are not affected
  • NTLM authentication does not properly abort on an empty password

Patches

  • Release 2.7.0
  • Pull request #7750 for stable 2.0 branch

Workarounds

No workarounds known

References

Original report at https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95

For more information

If you have any questions or comments about this advisory:

Severity

Critical

CVE ID

CVE-2022-24882

Weaknesses

No CWEs