CVE-2022-24883
Summary
| CVE | CVE-2022-24883 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-26 16:15:00 UTC |
| Updated | 2023-11-17 19:15:00 UTC |
| Description | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left. |
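
The description above points at a fail-open credential lookup: a lookup that reports success when the configured SAM database cannot be read, so the caller goes on to verify the client against a hash it never actually fetched. The program below is an added example written for this page, not FreeRDP's code, and models that bug class next to the fail-closed behaviour the fix and the workaround aim for. Everything in it is an assumption made for illustration: the `user:domain:hex-hash` record format, the function names, the fixture written under `/tmp`, and the direct comparison of a client "proof" against the stored hash (the real NTLMv2 exchange derives a proof from the hash rather than transmitting it).

```c
/* Added example, not FreeRDP code: a toy server-side hash lookup against a SAM-style
 * file, showing the advisory's fail-open bug class beside fail-closed behaviour.
 * Record format, function names and the raw-hash comparison are assumptions. */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN 16
#define ALICE_HEX "00112233445566778899aabbccddeeff"
#define ZERO_HEX  "00000000000000000000000000000000"

/* Constructed fixture: "user:domain:hex-hash" records, one per line. */
static const char SAM_FIXTURE[] =
    "alice:WORKGROUP:" ALICE_HEX "\n"
    "bob:WORKGROUP:ffeeddccbbaa99887766554433221100\n";

/* Decodes exactly 2*HASH_LEN hex digits into out; anything else is rejected. */
static bool parse_hex_hash(const char *hex, unsigned char out[HASH_LEN])
{
    static const char digits[] = "0123456789abcdef";
    if (strlen(hex) != 2 * HASH_LEN) return false;
    memset(out, 0, HASH_LEN);
    for (size_t i = 0; i < 2 * HASH_LEN; i++) {
        const char *d = strchr(digits, tolower((unsigned char)hex[i]));
        if (!d) return false;
        out[i / 2] = (unsigned char)(out[i / 2] << 4 | (d - digits));
    }
    return true;
}

/* Reads the SAM file into buf (NUL-terminated); false if it cannot be opened or read,
 * or does not fit. Run once at startup, this is the workaround's path validity check. */
static bool read_sam_file(const char *path, char *buf, size_t cap)
{
    FILE *f = fopen(path, "rb");
    if (!f) return false;
    size_t n = fread(buf, 1, cap - 1, f);
    bool ok = !ferror(f) && n < cap - 1;
    fclose(f);
    buf[n] = '\0';
    return ok;
}

/* Finds user's record in the loaded buffer and decodes its hash. */
static bool sam_lookup(char *sam, const char *user, unsigned char out[HASH_LEN])
{
    for (char *line = strtok(sam, "\n"); line; line = strtok(NULL, "\n")) {
        char *domain = strchr(line, ':');
        if (!domain) continue;
        *domain++ = '\0';
        char *hash = strchr(domain, ':');
        if (hash && strcmp(line, user) == 0)
            return parse_hex_hash(hash + 1, out);
    }
    return false;
}

/* Fetches user's stored hash. With fail_open, an unreadable database is reported as
 * success while out stays zeroed, so a proof for the all-zero hash is later accepted.
 * With fail_open false, the same failure denies access. */
static bool fetch_hash(const char *path, const char *user, unsigned char out[HASH_LEN], bool fail_open)
{
    char sam[4096];
    memset(out, 0, HASH_LEN);
    if (!read_sam_file(path, sam, sizeof sam)) {
        if (fail_open)
            return true; /* BUG: missing database treated as a successful lookup */
        fprintf(stderr, "SAM database '%s' unreadable, refusing authentication\n", path);
        return false;
    }
    return sam_lookup(sam, user, out);
}

/* Server decision: a hash must have been fetched and the client's proof must match it
 * (raw comparison stands in for the NTLMv2 proof computation). */
static bool authenticate(bool fail_open, const char *path, const char *user, const char *proof_hex)
{
    unsigned char stored[HASH_LEN], proof[HASH_LEN];
    if (!parse_hex_hash(proof_hex, proof) || !fetch_hash(path, user, stored, fail_open))
        return false;
    return memcmp(stored, proof, HASH_LEN) == 0;
}

/* Writes the constructed fixture to a fixed temp path; returns it, or NULL on failure. */
static const char *sam_fixture_path(void)
{
    static const char path[] = "/tmp/sam-example-cve-2022-24883.txt";
    FILE *f = fopen(path, "wb");
    if (!f) return NULL;
    bool ok = fputs(SAM_FIXTURE, f) >= 0 && fclose(f) == 0;
    return ok ? path : NULL;
}

int main(void)
{
    const char *bad = "/nonexistent/dir/sam", *good = sam_fixture_path();
    printf("fail-open,   bad path,  zero proof: %s\n", authenticate(true, bad, "alice", ZERO_HEX) ? "ACCEPTED" : "rejected");
    printf("fail-closed, bad path,  zero proof: %s\n", authenticate(false, bad, "alice", ZERO_HEX) ? "ACCEPTED" : "rejected");
    if (good) {
        printf("fail-closed, good path, real proof: %s\n", authenticate(false, good, "alice", ALICE_HEX) ? "ACCEPTED" : "rejected");
        remove(good);
    }
    return 0;
}
```

Compile with `cc -Wall -std=c11 sam_example.c -o sam_example` (file name is arbitrary) and run it: with the nonexistent path, the fail-open lookup accepts an all-zero proof that corresponds to no record at all, while the fail-closed lookup rejects it and logs the unreadable database. The same `read_sam_file` call, made once at startup instead of per connection, is the programmatic form of the workaround "ensure the SAM database path configured is valid": a server that cannot read its credential store should refuse to start, not quietly accept whoever connects.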
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 36 Update: freerdp-2.7.0-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| FreeRDP: Multiple Vulnerabilities (GLSA 202210-24) — Gentoo security | GENTOO | security.gentoo.org | |
| Cleaned up ntlm_fetch_ntlm_v2_hash · FreeRDP/FreeRDP@6f473b2 · GitHub | MISC | github.com | |
| [SECURITY] Fedora 35 Update: freerdp-2.7.0-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 34 Update: freerdp-2.7.0-1.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| FreeRDP Server authentication might allow invalid credentials to pass · Advisory · FreeRDP/FreeRDP · GitHub | CONFIRM | github.com | |
| Release 2.7.0 · FreeRDP/FreeRDP · GitHub | MISC | github.com | |
| Cleaned up ntlm_fetch_ntlm_v2_hash · FreeRDP/FreeRDP@4661492 · GitHub | MISC | github.com | |
| [debian-lts-announce] 20231117 [SECURITY] [DLA 3654-1] freerdp2 security update | | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 183779 Debian Security Update for freerdp2 (CVE-2022-24883)
- 198818 Ubuntu Security Notification for FreeRDP Vulnerabilities (USN-5461-1)
- 282672 Fedora Security Update for freerdp (FEDORA-2022-b0a47f8060)
- 282673 Fedora Security Update for freerdp (FEDORA-2022-a3e03a200b)
- 282727 Fedora Security Update for freerdp (FEDORA-2022-dc48a89918)
- 6000329 Debian Security Update for freerdp2 (DLA 3654-1)
- 671869 EulerOS Security Update for freerdp (EulerOS-SA-2022-1927)
- 710666 Gentoo Linux FreeRDP Multiple Vulnerabilities (GLSA 202210-24)
- 752334 SUSE Enterprise Linux Security Update for freerdp (SUSE-SU-2022:2352-1)
- 753105 SUSE Enterprise Linux Security Update for freerdp (SUSE-SU-2022:2353-1)
- 753200 SUSE Enterprise Linux Security Update for freerdp (SUSE-SU-2022:2354-1)