CVE-2022-24883 FreeRDP Server authentication might allow invalid credentials to pass

2022-04-2600:00:00

CWE-287

GitHub_M

www.cve.org

freerdp

remote desktop protocol

server authentication

sam file

hashcallback

version 2.7.0

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.8

Confidence

High

EPSS

0.005

Percentile

75.4%

JSON

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a SAM file might be successful for invalid credentials if the server has configured an invalid SAM file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a SAM file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via HashCallback and/or ensure the SAM database path configured is valid and the application has file handles left.

CNA Affected

[
  {
    "vendor": "FreeRDP",
    "product": "FreeRDP",
    "versions": [
      {
        "version": "< 2.7.0",
        "status": "affected"
      }
    ]
  }
]