Bug 602764 (CVE-2013-1430) - net-misc/xrdp: Cleartext password shown in file after logging into xrdp session
Summary: net-misc/xrdp: Cleartext password shown in file after logging into xrdp session
Status: RESOLVED FIXED
Alias: CVE-2013-1430
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: ~3 [noglsa/cve]
Keywords:
Depends on: 607096
Blocks:
Reported: 2016-12-15 15:45 UTC by Agostino Sarubbo
Modified: 2017-02-26 19:51 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2016-12-15 15:45:21 UTC
From ${URL} :

When successfully logging in using RDP into a xrdp session, the file
~/.vnc/sesman_${username}_passwd is created. Its content is the
equivalent of the user's clear text password, DES encrypted with a known
key.

Upstream bug:

https://github.com/neutrinolabs/xrdp/pull/497


@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
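
An added example, not part of the bug report or of xrdp itself: a small POSIX shell audit that lists any `~/.vnc/sesman_${username}_passwd` files of the kind described above and flags those accessible beyond their owner. It assumes GNU `stat` and home directories directly under one root (default `/home`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): audit for leftover xrdp sesman
# password files. Assumes GNU stat and home directories directly under ROOT.

# Print one line per <ROOT>/<user>/.vnc/sesman_<user>_passwd file:
#   <status> <mode> <owner> <size> <path>
# status is EXPOSED when group or other hold any permission bit,
# OWNER_ONLY otherwise. Runs in a subshell so no variables leak out.
audit_sesman_files() (
    root="${1:-/home}"
    for f in "$root"/*/.vnc/sesman_*_passwd; do
        # Skip the unexpanded glob, symlinks and anything not a regular file.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # stat prints: octal mode, owner name, size in bytes.
        set -- $(stat -c '%a %U %s' -- "$f")
        case "$1" in
            0|*00) status=OWNER_ONLY ;;
            *)     status=EXPOSED ;;
        esac
        printf '%s %s %s %s %s\n' "$status" "$1" "$2" "$3" "$f"
    done
)

# Number of such files under ROOT; non-zero means password-equivalent
# material is still on disk.
count_sesman_files() {
    audit_sesman_files "$1" | wc -l | tr -d ' '
}
```

Run `audit_sesman_files /home` with enough privilege to read every home directory; an `OWNER_ONLY` file still holds the password-equivalent content the report describes.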
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-09 00:52:35 UTC
@ Maintainer(s): Please bump to >=net-misc/xrdp-0.9.1
Comment 2 Matt Turner gentoo-dev 2017-02-25 20:45:52 UTC
x11rdp and xrdp are removed, per bug 607096. Presumably this can now be closed.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2017-02-26 19:51:14 UTC
Thank you for your work.