Petter Reinholdtsen

**Name of the Vulnerable Software and Affected Versions** xrdp versions prior to 0.9.1 **Description** An issue was discovered where the file ~/.vnc/sesman ${username} passwd is created when successfully logging in using RDP into an xrdp session. The content of this file is the equivalent of the user's cleartext password, DES encrypted with a known key. **Recommendations** For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ~/.vnc/sesman ${username} passwd file to minimize the risk of exploitation.