Lessons from Securing FreeRDP

FreeRDP's recent version (3.0.0) contains a new security mechanism aimed at blocking information-leak vulnerabilities. Said fix would have blocked more than 50% of the info-leak vulnerabilities discovered in the project since 2018, which are 28% of all vulnerabilities in FreeRDP

The article describes the technical background about the "Reverse RDP" attack vector, the software design flaw in FreeRDP and the security patch that was integrated into the project (and that took 2 years to get officially released to the public).