CVE-2024-39917— xrdp allows an ininite number of login attempts

CVSS 7.2 · High EPSS 0.15% · P36 Updated Nov 04, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-39917

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

xrdp allows an ininite number of login attempts

Source: NVD (National Vulnerability Database)

Vulnerability Description

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

过多认证尝试的限制不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

xrdp 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

xrdp是neutrinolabs开源的一款开源远程桌面协议服务器。 xrdp 0.10.0之前版本存在安全漏洞，该漏洞源于最大登录尝试次数的配置参数限制无效，允许攻击者进行无限次登录尝试。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
neutrinolabs	xrdp	<= 0.10.0	-

II. Public POCs for CVE-2024-39917

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-39917

请登录查看更多情报信息。

https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5jx_refsource_CONFIRM
https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8fx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2024-39917

IV. Related Vulnerabilities

Same product: xrdp

Same vendor: neutrinolabs

Same weakness: CWE-307

V. Comments for CVE-2024-39917

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-39917— xrdp allows an ininite number of login attempts

I. Basic Information for CVE-2024-39917

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-39917

III. Intelligence Information for CVE-2024-39917

IV. Related Vulnerabilities

V. Comments for CVE-2024-39917

Leave a comment