xrdp is vulnerable to information disclosure. The vulnerability exists through the successful logging to RDP into an xrdp session, the file ~/.vnc/sesman_${username}passwd uses a known key to store session passwords in text files. Allows an attacker to decrypt the file and obtain a user password.