Impact
Server side authentication against a SAM file might be successful for invalid credentials if the server has configured an invalid SAM file path
- FreeRDP based clients are not affected.
- RDP server implementations using FreeRDP to authenticate against a
SAM file are affected
Patches
Workarounds
- Use custom authentication via
HashCallback
- Ensure the
SAM database path configured is valid and the application has file handles left
References
For more information
If you have any questions or comments about this advisory:
Impact
Server side authentication against a
SAMfile might be successful for invalid credentials if the server has configured an invalidSAMfile pathSAMfile are affectedPatches
Workarounds
HashCallbackSAMdatabase path configured is valid and the application has file handles leftReferences
For more information
If you have any questions or comments about this advisory: