CVE-2026-32105: CWE-354: Improper Validation of Integrity Check Value in neutrinolabs xrdp
xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks the necessary implementation to validate the 8-byte integrity signature, causing it to be silently ignored. An unauthenticated attacker with man-in-the-middle (MITM) capabilities can exploit this missing check to modify encrypted traffic in transit without detection. It does not affect connections where the TLS security layer is enforced. This issue has been fixed in version 0.10.6. If users are unable to immediately upgrade, they should configure xrdp.ini to enforce TLS security (security_layer=tls) to ensure end-to-end integrity.
AI Analysis
Technical Summary
The vulnerability in neutrinolabs xrdp (CVE-2026-32105) involves improper validation of the integrity check value (CWE-354) in the Classic RDP Security layer. While the sender generates a correct MAC signature for encrypted RDP packets, the receiver does not validate this 8-byte signature, effectively ignoring it. This allows an unauthenticated attacker with man-in-the-middle capabilities to modify encrypted traffic without detection. The issue is resolved in xrdp version 0.10.6. Enforcing TLS security (security_layer=tls) mitigates the vulnerability by ensuring end-to-end integrity verification.
Potential Impact
An unauthenticated attacker capable of man-in-the-middle interception can alter encrypted RDP traffic without detection when the Classic RDP Security layer is used. This compromises the integrity of the communication channel. The vulnerability does not impact connections secured with TLS, which provides proper integrity verification.
Mitigation Recommendations
Upgrade xrdp to version 0.10.6 or later, where this vulnerability is fixed. If immediate upgrade is not possible, configure xrdp.ini to enforce TLS security by setting security_layer=tls to ensure message integrity is properly verified. This configuration change effectively mitigates the risk without requiring an immediate patch.
CVSS v4.0
Score: 9.3 (Critical)
Weaknesses
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-10T22:02:38.854Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69e28fa3bdfbbecc59867c9b
Added to database: 4/17/2026, 7:53:07 PM
Last enriched: 4/25/2026, 2:49:50 AM
Last updated: 6/2/2026, 2:43:19 AM
Views: 122