CVE-2026-32105
MAC Verification Bypass in xrdp Classic RDP Enables MITM
Publication date: 2026-04-17
Last updated on: 2026-04-17
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| neutrinolabs | xrdp | up to 0.10.6 (exclusive) |
| neutrinolabs | xrdp | 0.10.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-354 | The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in xrdp versions through 0.10.5, where the software does not verify the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer.
While the sender generates the MAC signatures correctly, the receiving side does not validate these 8-byte integrity signatures, effectively ignoring them.
As a result, an unauthenticated attacker with man-in-the-middle (MITM) capabilities can modify encrypted traffic in transit without detection.
This issue does not affect connections that enforce the TLS security layer, and it was fixed in version 0.10.6.
Users unable to upgrade immediately should configure xrdp to enforce TLS security (security_layer=tls) to ensure end-to-end integrity.
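To make the flaw concrete, the following is an added illustration (not xrdp's code) of a receive path that strips the 8-byte signature without checking it, placed next to one that recomputes and verifies it before accepting the payload. The MAC construction follows my reading of the Standard RDP Security signature in MS-RDPBCGR and is an assumption; the key and payload are constructed and the RC4 encryption step is omitted.

```python
import hashlib
import hmac
import struct

# Constants of the Standard ("Classic") RDP Security MAC as I understand them
# from MS-RDPBCGR 5.3.6.1 (assumption; not taken from xrdp's source).
PAD1 = b"\x36" * 40
PAD2 = b"\x5c" * 48
MAC_LEN = 8  # the 8-byte signature the receiver is supposed to check


def classic_mac(mac_key: bytes, data: bytes) -> bytes:
    """Signature = first 8 bytes of MD5(key + Pad2 + SHA1(key + Pad1 + len + data))."""
    sha = hashlib.sha1(mac_key + PAD1 + struct.pack("<I", len(data)) + data).digest()
    return hashlib.md5(mac_key + PAD2 + sha).digest()[:MAC_LEN]


def sign_packet(mac_key: bytes, payload: bytes) -> bytes:
    """Sender side: prepend the signature (encryption of the payload is omitted here)."""
    return classic_mac(mac_key, payload) + payload


def receive_ignoring_mac(mac_key: bytes, packet: bytes) -> bytes:
    """Flawed receive path: the signature is stripped but never compared."""
    return packet[MAC_LEN:]


def receive_verifying_mac(mac_key: bytes, packet: bytes) -> bytes:
    """Fixed receive path: recompute, compare in constant time, reject on mismatch."""
    if len(packet) < MAC_LEN:
        raise ValueError("packet shorter than MAC signature")
    sig, payload = packet[:MAC_LEN], packet[MAC_LEN:]
    if not hmac.compare_digest(sig, classic_mac(mac_key, payload)):
        raise ValueError("MAC signature mismatch: payload modified in transit")
    return payload


def demo() -> dict:
    """Constructed key and payload; one payload byte is flipped to simulate in-transit modification."""
    key = bytes(range(16))                       # constructed 128-bit MAC key
    packet = sign_packet(key, b"constructed RDP PDU body")
    tampered = bytearray(packet)
    tampered[MAC_LEN] ^= 0x01                    # modify the first payload byte
    tampered = bytes(tampered)
    result = {"ignored_accepts_tampered": receive_ignoring_mac(key, tampered) != packet[MAC_LEN:]}
    try:
        receive_verifying_mac(key, tampered)
        result["verified_rejects_tampered"] = False
    except ValueError:
        result["verified_rejects_tampered"] = True
    return result
```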
How can this vulnerability impact me?
This vulnerability allows an unauthenticated attacker with man-in-the-middle capabilities to modify encrypted RDP traffic without detection.
Such modification can compromise the confidentiality and integrity of the data transmitted during remote desktop sessions.
This could lead to unauthorized access, data tampering, or injection of malicious commands during the session.
However, connections using the TLS security layer are not affected by this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should upgrade xrdp to version 0.10.6 or later where the issue is fixed.
If upgrading is not possible right away, configure the xrdp.ini file to enforce TLS security by setting security_layer=tls. This ensures end-to-end integrity and prevents exploitation of the missing MAC signature verification.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in xrdp versions through 0.10.5 allows an unauthenticated attacker with man-in-the-middle capabilities to modify encrypted RDP traffic without detection due to missing verification of the Message Authentication Code (MAC) signature. This lack of integrity verification can lead to unauthorized data modification during transmission.
Such a security weakness could impact compliance with standards and regulations like GDPR and HIPAA, which require ensuring the confidentiality and integrity of sensitive data in transit. Failure to detect tampering with encrypted communications may violate these requirements, potentially leading to non-compliance.
However, enforcing the TLS security layer (security_layer=tls) or upgrading to version 0.10.6 mitigates this risk by ensuring end-to-end integrity verification.