Bug 2459272 (CVE-2026-32105)

Summary: CVE-2026-32105 xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: fedora
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in xrdp, an open-source Remote Desktop Protocol (RDP) server. When using the "Classic RDP Security" layer, xrdp fails to verify the Message Authentication Code (MAC) signature of encrypted RDP packets. This oversight allows an unauthenticated attacker with man-in-the-middle (MITM) capabilities to modify encrypted traffic as it travels between the client and server without being detected, compromising data integrity. This vulnerability does not affect connections where the Transport Layer Security (TLS) security layer is enforced.
Bug Depends On: 2459297, 2459298    
Bug Blocks:    

Description OSIDB Bzimport 2026-04-17 20:01:37 UTC
xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks the necessary implementation to validate the 8-byte integrity signature, causing it to be silently ignored. An unauthenticated attacker with man-in-the-middle (MITM) capabilities can exploit this missing check to modify encrypted traffic in transit without detection. It does not affect connections where the TLS security layer is enforced. This issue has been fixed in version 0.10.6. If users are unable to immediately upgrade, they should configure xrdp.ini to enforce TLS security (security_layer=tls) to ensure end-to-end integrity.
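
Added example (not part of the bug report and not xrdp code): a small audit that reads an xrdp.ini and an installed version string and reports whether the host still depends on Classic RDP Security in the affected range. The function names, the sample config, the "[Globals]" lookup, the last-assignment-wins rule and the treatment of an unset key as "negotiate" are assumptions of this sketch.

```python
import re

# From the advisory on this page: affected through 0.10.5, fixed in 0.10.6.
LAST_AFFECTED = (0, 10, 5)

def security_layer(ini_text):
    """Return the [Globals] security_layer value, lower-cased.

    Assumptions: the last assignment wins, and an unset key behaves like
    'negotiate', which does not enforce TLS.
    """
    section, value = None, "negotiate"
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "globals" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip().lower() == "security_layer":
                value = val.strip().lower()
    return value

def is_affected_version(version):
    """True when the first three numeric components are <= 0.10.5."""
    parts = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    return parts <= LAST_AFFECTED

def assess(ini_text, version):
    """Return (exposed, reason) for one server's config and xrdp version."""
    layer = security_layer(ini_text)
    if layer == "tls":
        return False, "security_layer=tls: TLS is enforced"
    if not is_affected_version(version):
        return False, f"xrdp {version} is past the affected range"
    return True, (f"xrdp {version} with security_layer={layer}: "
                  "set security_layer=tls or upgrade to 0.10.6")

# Constructed sample config, not taken from any real host.
SAMPLE_INI = """\
[Globals]
; security_layer=tls
security_layer=negotiate
[Xorg]
name=Xorg
"""

if __name__ == "__main__":
    print(assess(SAMPLE_INI, "0.10.5"))
```
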

Comment 2 Zephyr Lykos 2026-06-14 09:56:53 UTC
should be fixed in 13a9c73444715deb923c2d16705971f60823db28