CVE-2023-40184

LOW

xrdp < 0.9.23 - Session Restriction Bypass via auth_start_session Error Handling

Title source: llm

Description

xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.

References (7)

Core 7

Core References

Mailing List

https://lists.fedoraproject.org/archives/list/[email protected]/message/SOT237TIHTHPX5YNIWLVNINOEYC7WMG2/

Mailing List

https://lists.fedoraproject.org/archives/list/[email protected]/message/U5IXMQODV3OIJ7DRQBUQV7PUKNT7SH36/

Mailing List

https://lists.fedoraproject.org/archives/list/[email protected]/message/URO3FKTFBPNKFARAQBEJLI4MH6YS35P5/

Mailing List

https://lists.debian.org/debian-lts-announce/2025/05/msg00018.html

Vendor Advisory x_refsource_confirm

https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq

Patch x_refsource_misc

https://github.com/neutrinolabs/xrdp/commit/a111a0fdfe2421ef600e40708b5f0168594cfb23

View Patch ZIP pw:eip

Product x_refsource_misc

https://github.com/neutrinolabs/xrdp/blame/9bbb2ec68f390504c32f2062847aa3d821a0089a/sesman/sesexec/session.c#L571C5-L571C19

Scores

CVSS v3 2.6

EPSS 0.0073

EPSS Percentile 49.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-755

Status published

Products (1)

neutrinolabs/xrdp < 0.9.23

Published Aug 30, 2023

Tracked Since Feb 18, 2026