CVE-2013-1430

Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.9.1

Description An issue was discovered where the file ~/.vnc/sesman ${username} passwd is created when successfully logging in using RDP into an xrdp session. The content of this file is the equivalent of the user's cleartext password, DES encrypted with a known key.

Recommendations For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ~/.vnc/sesman ${username} passwd file to minimize the risk of exploitation.