xrdp Message Authentication Code Verification Vulnerability in Classic RDP Security Layer

Vulnerability

xrdp versions prior to 0.10.6 do not verify the Message Authentication Code (MAC) signature on encrypted RDP packets when a connection uses the 'Classic RDP Security' layer. The sending side computes the 8-byte integrity signature correctly, but the receiving side never recomputes it over the decrypted data and compares it with the signature carried in the security header, so an unauthenticated attacker positioned as a man-in-the-middle can modify encrypted traffic in transit without detection. Connections that use the TLS security layer are not affected.
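The missing check, shown as an added illustration that is not xrdp's own code: the non-FIPS MAC signature from MS-RDPBCGR section 5.3.6.1 is computed over the plaintext, the payload is then RC4-encrypted, and the 8-byte signature travels in the clear in the security header. `open_unverified` mirrors the flaw described above (the signature is never compared); `open_verified` is the check a fixed receiver performs. The keys, the sample payload and the `8-byte signature || ciphertext` wire layout are constructed for this demonstration, and the RC4 keystream is restarted for every packet, which real Classic RDP Security sessions do not do.

```python
import hashlib
import hmac
import struct

# Padding constants of the non-FIPS MAC signature in MS-RDPBCGR 5.3.6.1.
PAD1 = b"\x36" * 40
PAD2 = b"\x5c" * 48


def rdp_mac_signature(mac_key: bytes, data: bytes) -> bytes:
    """Return the 8-byte MAC signature over *plaintext* data (MS-RDPBCGR 5.3.6.1, unsalted).

    MACSignature = First64Bits(MD5(MACKeyN + Pad2 + SHA1(MACKeyN + Pad1 + DataLength + Data)))
    where DataLength is the 32-bit little-endian length of Data.
    """
    sha_component = hashlib.sha1(mac_key + PAD1 + struct.pack("<I", len(data)) + data).digest()
    return hashlib.md5(mac_key + PAD2 + sha_component).digest()[:8]


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Classic RDP Security keeps one RC4 state per direction across
    packets; this example restarts the keystream per packet, which is a simplification."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def seal(mac_key: bytes, rc4_key: bytes, plaintext: bytes) -> bytes:
    """Sender side: signature over the plaintext, then RC4 over the payload.
    Constructed wire layout: 8-byte signature || ciphertext."""
    return rdp_mac_signature(mac_key, plaintext) + rc4(rc4_key, plaintext)


def open_unverified(mac_key: bytes, rc4_key: bytes, packet: bytes) -> bytes:
    """Vulnerable receive path: decrypt and hand the data on without ever reading packet[:8]."""
    return rc4(rc4_key, packet[8:])


def open_verified(mac_key: bytes, rc4_key: bytes, packet: bytes) -> bytes:
    """Hardened receive path: recompute the signature over the decrypted data, compare it in
    constant time with the one from the security header, and reject the packet on mismatch."""
    received_sig, body = packet[:8], packet[8:]
    plaintext = rc4(rc4_key, body)
    if not hmac.compare_digest(rdp_mac_signature(mac_key, plaintext), received_sig):
        raise ValueError("MAC signature mismatch: packet altered in transit or wrong key")
    return plaintext


def tamper(packet: bytes, offset: int, xor_mask: int) -> bytes:
    """Man-in-the-middle: flip bits in the ciphertext. With a stream cipher the same bits flip
    in the decrypted plaintext; the 8-byte signature is left as the sender wrote it."""
    body = bytearray(packet[8:])
    body[offset] ^= xor_mask
    return packet[:8] + bytes(body)


# Constructed keys; a real session derives MACKey and the RC4 key from the client/server randoms.
MAC_KEY = bytes(range(16))
RC4_KEY = bytes(range(16, 32))


def demo() -> dict:
    plaintext = b"cd /tmp"
    packet = seal(MAC_KEY, RC4_KEY, plaintext)
    # The attacker turns the 'p' (0x70) of "/tmp" into 'q' (0x71) without knowing any key.
    forged = tamper(packet, offset=6, xor_mask=0x01)
    result = {
        "vulnerable_accepts": open_unverified(MAC_KEY, RC4_KEY, forged),
        "hardened_rejects": False,
        "genuine_passes": open_verified(MAC_KEY, RC4_KEY, packet) == plaintext,
    }
    try:
        open_verified(MAC_KEY, RC4_KEY, forged)
    except ValueError:
        result["hardened_rejects"] = True
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Running the block shows the altered packet decrypting to `cd /tmq` on the unverified path while the verified path raises. The point for a receiver is that the signature check is the only integrity protection in this layer: RC4 provides none, so a bit flipped in the ciphertext becomes a bit flipped in the plaintext, and a receiver that never compares the signature has no way to notice.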

Impact

An attacker positioned between an RDP client and the xrdp server can modify encrypted RDP traffic in transit without the server detecting the change, so the integrity of data exchanged over a Classic RDP Security session cannot be relied upon. Because the check is missing on the receiving side, no credentials for the xrdp server are needed; network position is sufficient.

Remediation

Users are advised to upgrade to xrdp version 0.10.6 or later. If an immediate upgrade is not possible, configure xrdp to enforce TLS by setting 'security_layer=tls' in the [Globals] section of xrdp.ini and restarting the xrdp service; this prevents the Classic RDP Security layer from being negotiated at all. The default value, 'negotiate', still lets a client that does not offer TLS fall back to Classic RDP Security, and with 'tls' such clients will no longer be able to connect.

Added: Apr 17, 2026, 8:34 PM
Updated: Apr 17, 2026, 8:34 PM

Vulnerability Rating

Custom Algorithm
spread:         0.3
impact:         0.6
exploitability: 5.6
remediation:    8.3
relevance:      6.1
threat:         0.0
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.