{"id":"MGASA-2022-0383","summary":"Updated freerdp packages fix security vulnerability","details":"FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In\nversions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not\nproperly abort when someone provides and empty password value. This issue\naffects FreeRDP based RDP Server implementations. RDP clients are not\naffected. The vulnerability is patched in FreeRDP 2.7.0. There are\ncurrently no known workarounds. (CVE-2022-24882)\n\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP).\nPrior to version 2.7.0, server side authentication against a 'SAM' file\nmight be successful for invalid credentials if the server has configured\nan invalid 'SAM' file path. FreeRDP based clients are not affected. RDP\nserver implementations using FreeRDP to authenticate against a 'SAM' file\nare affected. Version 2.7.0 contains a fix for this issue. As a\nworkaround, use custom authentication via 'HashCallback' and/or ensure the\n'SAM' database path configured is valid and the application has file\nhandles left. (CVE-2022-24883)\n","modified":"2026-04-16T04:40:55.031010001Z","published":"2022-10-23T22:48:35Z","upstream":["CVE-2022-24882","CVE-2022-24883"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0383.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30392"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AELSWWBAM2YONRPGLWVDY6UNTLJERJYL/"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5461-1"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3XAZEK5W555DLYFBAHQKYWZRJ4CADMBX/"}],"affected":[{"package":{"name":"freerdp","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/freerdp?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.0-1.2.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0383.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}