| Summary: | CVE-2022-24882 freerdp: Server side NTLM does not properly check parameters | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | juneau |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | extras-orphan, negativo17, oholy, philip.wyett |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | freerdp 2.7.0 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A vulnerability was found in freerdp. The flaw occurs because the NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue exposes an improper authenticating vulnerability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-09-01 17:32:51 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 2079213, 2079206, 2079208, 2079209 | ||
| Bug Blocks: | 2079058 | ||
|
Description
juneau
2022-04-26 19:22:02 UTC
Created freerdp tracking bugs for this issue: Affects: fedora-all [bug 2079206] Created freerdp1.2 tracking bugs for this issue: Affects: epel-all [bug 2079213] FEDORA-2022-dc48a89918 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2022-b0a47f8060 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-24882 |