Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary login credentials or to hijack existing sessions for xorgxrdp sessions.