CVE-2026-32105: CWE-354: Improper Validation of Integrity Check Value in neutrinolabs xrdp
xrdp versions prior to 0. 10. 6 do not verify the Message Authentication Code (MAC) signature on encrypted RDP packets when using the Classic RDP Security layer. This lack of integrity validation allows an unauthenticated man-in-the-middle attacker to modify encrypted traffic without detection. The vulnerability does not affect connections using the TLS security layer. The issue is fixed in xrdp version 0. 10. 6. Users unable to upgrade immediately should enforce TLS security by configuring xrdp. ini with security_layer=tls to ensure message integrity.
AI Analysis
Technical Summary
xrdp, an open source RDP server, through version 0.10.5, fails to validate the 8-byte MAC signature on encrypted RDP packets under the Classic RDP Security layer. While the sender generates the MAC correctly, the receiver ignores it, resulting in improper validation of the integrity check value (CWE-354). This flaw enables a man-in-the-middle attacker to alter encrypted traffic undetected. The vulnerability is mitigated by enforcing the TLS security layer or upgrading to version 0.10.6 where the issue is fixed.
Potential Impact
An unauthenticated attacker with man-in-the-middle capabilities can modify encrypted RDP traffic without detection when the Classic RDP Security layer is used. This compromises the integrity of the communication channel, potentially allowing tampering with data in transit. The vulnerability does not impact connections secured with TLS, which properly enforce integrity checks.
Mitigation Recommendations
A fix is available in xrdp version 0.10.6. Users should upgrade to this version to resolve the vulnerability. If immediate upgrade is not possible, users must configure xrdp.ini to enforce the TLS security layer by setting security_layer=tls, which ensures end-to-end integrity validation and mitigates the risk.
CVE-2026-32105: CWE-354: Improper Validation of Integrity Check Value in neutrinolabs xrdp
Description
xrdp versions prior to 0. 10. 6 do not verify the Message Authentication Code (MAC) signature on encrypted RDP packets when using the Classic RDP Security layer. This lack of integrity validation allows an unauthenticated man-in-the-middle attacker to modify encrypted traffic without detection. The vulnerability does not affect connections using the TLS security layer. The issue is fixed in xrdp version 0. 10. 6. Users unable to upgrade immediately should enforce TLS security by configuring xrdp. ini with security_layer=tls to ensure message integrity.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
xrdp, an open source RDP server, through version 0.10.5, fails to validate the 8-byte MAC signature on encrypted RDP packets under the Classic RDP Security layer. While the sender generates the MAC correctly, the receiver ignores it, resulting in improper validation of the integrity check value (CWE-354). This flaw enables a man-in-the-middle attacker to alter encrypted traffic undetected. The vulnerability is mitigated by enforcing the TLS security layer or upgrading to version 0.10.6 where the issue is fixed.
Potential Impact
An unauthenticated attacker with man-in-the-middle capabilities can modify encrypted RDP traffic without detection when the Classic RDP Security layer is used. This compromises the integrity of the communication channel, potentially allowing tampering with data in transit. The vulnerability does not impact connections secured with TLS, which properly enforce integrity checks.
Mitigation Recommendations
A fix is available in xrdp version 0.10.6. Users should upgrade to this version to resolve the vulnerability. If immediate upgrade is not possible, users must configure xrdp.ini to enforce the TLS security layer by setting security_layer=tls, which ensures end-to-end integrity validation and mitigates the risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-10T22:02:38.854Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e28fa3bdfbbecc59867c9b
Added to database: 4/17/2026, 7:53:07 PM
Last enriched: 4/17/2026, 8:08:33 PM
Last updated: 4/18/2026, 1:28:34 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.