FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP-based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.

https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0
https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh
https://github.com/FreeRDP/FreeRDP/pull/7750
Created freerdp tracking bugs for this issue: Affects: fedora-all [bug 2079206]
Created freerdp1.2 tracking bugs for this issue: Affects: epel-all [bug 2079213]
FEDORA-2022-dc48a89918 has been pushed to the Fedora 36 stable repository. If the problem still persists, please make note of it in this bug report.
FEDORA-2022-b0a47f8060 has been pushed to the Fedora 34 stable repository. If the problem still persists, please make note of it in this bug report.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-24882