Impact
Server side authentication against a SAM
file might be successful for invalid credentials if the server has configured an invalid SAM
file path
- FreeRDP based clients are not affected.
- RDP server implementations using FreeRDP to authenticate against a
SAM
file are affected
Patches
Workarounds
- Use custom authentication via
HashCallback
- Ensure the
SAM
database path configured is valid and the application has file handles left
References
For more information
If you have any questions or comments about this advisory:
Impact
Server side authentication against a
SAM
file might be successful for invalid credentials if the server has configured an invalidSAM
file pathSAM
file are affectedPatches
Workarounds
HashCallback
SAM
database path configured is valid and the application has file handles leftReferences
For more information
If you have any questions or comments about this advisory: