{"id":"CVE-2021-36158","details":"In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.","modified":"2026-04-10T04:36:30.370129Z","published":"2021-07-05T23:15:07.367Z","references":[{"type":"FIX","url":"https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.alpinelinux.org/alpine/aports","events":[{"introduced":"0"},{"last_affected":"cf59c903c95a0d42ccae4509a205d46f00c6ceb2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.14"}]}}],"versions":["v1.10-branch","v1.9.0","v1.9.0_alpha10","v1.9.0_alpha11","v1.9.0_alpha12","v1.9.0_alpha13","v1.9.0_alpha14","v1.9.0_alpha15","v1.9.0_alpha16","v1.9.0_alpha17","v1.9.0_alpha18","v1.9.0_alpha7","v1.9.0_alpha8","v1.9.0_alpha9","v1.9.0_beta1","v1.9.0_beta2","v1.9.0_beta3","v1.9.0_beta4","v1.9.0_rc1","v1.9.0_rc2","v1.9.0_rc4","v1.9.0_rc5","v101203","v101216","v101221","v101224","v110303","v110310","v110312","v110325","v110407","v110412","v110525","v110527","v110606","v110817","v110824","v110825","v110827","v111111","v120104","v120323","v120820","v120824","v120914","v121009","v121207","v121217","v130301","v130308","v130313","v130910","v131210","v131211","v140416","v140423","v140515","v140930","v141001","v141022","v150306","v160223","v2.0.0","v2.0.0_beta1","v2.0.0_beta2","v2.0.0_beta3","v2.0.0_beta4","v2.0.0_rc1","v2.0.0_rc2","v2.0.0_rc3","v2.1.0","v2.1.0_rc1","v2.1.0_rc2","v2.2.0_rc1","v2.2.0_rc2","v2.2.0_rc3","v2.2.0_rc4","v2.2.0_rc5","v2.3.0","v2.3.0_rc1","v2.3.0_rc2","v2.3.0_rc3","v2.3.0_rc4","v2.3.0_rc5","v2.3.0_rc6","v2.4.0","v2.4.0_rc1","v2.4.0_rc2","v2.4.0_rc3","v2.5.0","v2.5.0_rc2","v2.6.0","v2.6.0_rc1","v2.6.0_rc2","v2.6.0_rc3","v2.6.0_rc4","v2.6.0_rc5","v2.6.0_rc6","v2.7.0","v2.7.0_rc1","v2.7.0_rc2","v2.7.0_rc3","v2.7.0_rc4","v2.7.0_rc5","v2.7.0_rc6","v20101203","v20101216","v20190227","v20190228","v20190408","v20190508","v20190707","v20190809","v20190925","v20191114","v20191219","v20200117","v20200122","v20200312","v20200319","v20200428","v20200626","v20200917","v20201218","v20210212","v3.0.0","v3.0.0_rc1","v3.0.0_rc2","v3.0.0_rc3","v3.0.0_rc4","v3.0.0_rc5","v3.1.0","v3.1.0_rc1","v3.1.0_rc2","v3.1.0_rc3","v3.1.0_rc4","v3.1.0_rc5","v3.10.0","v3.10.0_rc1","v3.10.0_rc2","v3.10.0_rc3","v3.10.0_rc4","v3.10.0_rc5","v3.10.0_rc6","v3.10.0_rc7","v3.11.0","v3.11.0_rc2","v3.11.0_rc3","v3.11.0_rc4","v3.11.0_rc5","v3.11_rc1","v3.12.0","v3.12.0_rc1","v3.12.0_rc2","v3.12.0_rc3","v3.12.0_rc4","v3.12.0_rc5","v3.13.0","v3.13.0_rc1","v3.13.0_rc2","v3.13.0_rc3","v3.13.0_rc4","v3.13.0_rc5","v3.14.0","v3.14.0_rc1","v3.14.0_rc2","v3.14.0_rc3","v3.14.0_rc4","v3.2.0","v3.2.0_rc1","v3.2.0_rc2","v3.2.0_rc3","v3.2.0_rc4","v3.2.0_rc5","v3.3.0","v3.3.0_rc1","v3.3.0_rc2","v3.3.0_rc3","v3.4.0","v3.4.0_rc1","v3.4.0_rc2","v3.4.0_rc3","v3.5.0","v3.5.0_rc1","v3.5.0_rc2","v3.5.0_rc3","v3.5.0_rc4","v3.5.0_rc5","v3.5.0_rc6","v3.5.0_rc7","v3.6.0","v3.6.0_rc1","v3.6.0_rc2","v3.6.0_rc3","v3.7.0","v3.7.0_rc1","v3.7.0_rc2","v3.7.0_rc3","v3.8.0","v3.8.0_rc1","v3.8.0_rc10","v3.8.0_rc2","v3.8.0_rc3","v3.8.0_rc4","v3.8.0_rc5","v3.8.0_rc6","v3.8.0_rc7","v3.8.0_rc8","v3.8.0_rc9","v3.9.0","v3.9.0_rc1","v3.9.0_rc2","v3.9.0_rc3","v3.9.0_rc4","v3.9.0_rc5","v3.9.0_rc6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36158.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}