Xrdp · Xrdp · CVE-2013-1430
**Name of the Vulnerable Software and Affected Versions**
xrdp versions prior to 0.9.1
**Description**
An issue was discovered where the file ~/.vnc/sesman ${username} passwd is created when successfully logging in using RDP into an xrdp session. The content of this file is the equivalent of the user's cleartext password, DES encrypted with a known key.
**Recommendations**
For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ~/.vnc/sesman ${username} passwd file to minimize the risk of exploitation.