cve/2024/CVE-2024-39917.md
2025-09-29 16:08:36 +00:00

### [CVE-2024-39917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39917)
![](https://img.shields.io/static/v1?label=Product&message=xrdp&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%200.10.0&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-307%3A%20Improper%20Restriction%20of%20Excessive%20Authentication%20Attempts&color=brightgreen)
### Description
xrdp is an open source RDP server. In xrdp versions prior to 0.10.0 an attacker can make an unlimited number of login attempts against the server. The number of attempts is supposed to be capped by the `MaxLoginRetry` parameter in the `[Security]` section of `/etc/xrdp/sesman.ini`, but that limit was not effectively enforced, so an affected server permits unlimited password guessing (CWE-307). Upgrade to 0.10.0 or later; on an affected version the value of `MaxLoginRetry` gives no protection, so rate limiting has to come from outside xrdp.
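The script below is an added example, not xrdp's own code and not taken from the repository linked under POC. It does two things a practitioner checking for this issue wants: it decides from a version string whether an xrdp build predates the 0.10.0 fix, and it applies the `MaxLoginRetry` value read from `sesman.ini` externally, counting failed logins per user and source address from log lines, since the server itself does not enforce the limit on affected versions. The `sesman.ini` excerpt and the log lines are constructed sample input; the log line shape (`login user=... ip=... result=...`) is an assumption for the example and is not xrdp's real log format, so the regex must be adapted to the log you actually collect. The fallback of 4 when `MaxLoginRetry` is absent is also an assumption.

```python
import configparser
import re
from collections import Counter

# Constructed stand-in for /etc/xrdp/sesman.ini; only the [Security] section
# matters here. MaxLoginRetry is the parameter named in the advisory.
SAMPLE_SESMAN_INI = """
[Globals]
ListenPort=3350

[Security]
AllowRootLogin=false
MaxLoginRetry=4
"""

# Constructed log lines in an ASSUMED "login user=... ip=... result=..." shape.
# This is not xrdp's real log format; adapt LOG_RE to your sesman log.
SAMPLE_LOG = """
2024-07-01T10:00:01 login user=alice ip=203.0.113.5 result=FAIL
2024-07-01T10:00:02 login user=alice ip=203.0.113.5 result=FAIL
2024-07-01T10:00:03 login user=alice ip=203.0.113.5 result=FAIL
2024-07-01T10:00:04 login user=alice ip=203.0.113.5 result=FAIL
2024-07-01T10:00:05 login user=alice ip=203.0.113.5 result=FAIL
2024-07-01T10:00:06 login user=bob ip=198.51.100.7 result=FAIL
2024-07-01T10:00:07 login user=bob ip=198.51.100.7 result=OK
"""

LOG_RE = re.compile(r"login user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>\S+)")
FIXED_IN = (0, 10, 0)  # first release where MaxLoginRetry is enforced


def parse_version(text):
    """Extract the first dotted version in a string: 'xrdp 0.9.24' -> (0, 9, 24)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(x or 0) for x in m.groups())


def is_affected(version_text):
    """True for any xrdp release before 0.10.0 (CVE-2024-39917, CWE-307)."""
    return parse_version(version_text) < FIXED_IN


def configured_max_login_retry(ini_text):
    """Read MaxLoginRetry from [Security]; the fallback of 4 is an assumption."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    return cp.getint("Security", "MaxLoginRetry", fallback=4)


def failed_attempts(log_text):
    """Count failed logins per (user, ip) from lines matching LOG_RE."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and m.group("result") == "FAIL":
            counts[(m.group("user"), m.group("ip"))] += 1
    return counts


def over_limit(log_text, limit):
    """(user, ip) pairs whose failed attempts exceed the configured limit.

    On an affected server these attempts were never refused by xrdp itself, so
    this external count is what stands in for the broken MaxLoginRetry check.
    """
    return sorted(k for k, n in failed_attempts(log_text).items() if n > limit)


if __name__ == "__main__":
    limit = configured_max_login_retry(SAMPLE_SESMAN_INI)
    print("affected build:", is_affected("xrdp 0.9.24"))
    print("configured MaxLoginRetry:", limit)
    print("over limit:", over_limit(SAMPLE_LOG, limit))
```

Run it as-is to see the constructed data flagged; in practice feed `is_affected` the version string of the installed package and `over_limit` the real sesman log, and use the result to drive a block at the firewall or in a tool such as fail2ban, because an affected xrdp will keep accepting attempts no matter what `MaxLoginRetry` says.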
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/EsselKobby/Virtual_Infosec_Africa_LAB