Advisories ยป MGASA-2021-0016

Updated xrdp packages fix security vulnerability

Publication date: 10 Jan 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-4044


Ashley Newson discovered that the XRDP sessions manager was susceptible to
denial of service. A local attacker can further take advantage of this flaw to
impersonate the XRDP sessions manager and capture any user credentials that are
submitted to XRDP, approve or reject arbitrary login credentials or to hijack
existing sessions for xorgxrdp sessions (CVE-2020-4044).