This advisory covers a class of weakness in remote display and KVM (keyboard, video, mouse) setups in homelab environments: GUI sessions of interactive machines reached over misconfigured or outdated remote-access protocols. Anyone who can reach such a channel can read whatever the remote display shows (login prompts, typed credentials, console output) and, because a KVM channel relays keyboard and mouse input as well, interact with the machine. Older KVM switches that carry the console over an unencrypted channel are the most exposed. Affected systems are any setup whose remote display path lacks encryption or authentication, including mini displays or capture devices fed by HDMI or USB whose output is relayed without either.
- KVM switches with unencrypted communication channels
- Mini displays fed by HDMI or USB whose output is relayed without encryption or authentication
- On the machine being reached, install a remote desktop server that supports TLS, such as xrdp, and require it: in /etc/xrdp/xrdp.ini under [Globals] set security_layer=tls (the shipped default, negotiate, still lets a client fall back to unencrypted Standard RDP Security) and ssl_protocols=TLSv1.2, TLSv1.3, then restart the service. Command example: sudo apt-get install xrdp && sudo sed -i 's/^security_layer=.*/security_layer=tls/' /etc/xrdp/xrdp.ini && sudo systemctl restart xrdp. On the client side use a TLS-capable client such as FreeRDP (xfreerdp), keep certificate verification on (do not pass /cert-ignore), and record the server's certificate fingerprint on first use so a later change is noticed.
- Use a KVM switch that supports encrypted connections and ensure it's configured to use encryption. Verify the firmware version is up-to-date according to manufacturer recommendations.
- Use the host firewall so that only your management network can reach the remote display port, for example TCP 3389 for RDP. An allow rule on its own blocks nothing; the default inbound policy must deny. Example commands: sudo ufw default deny incoming && sudo ufw allow from 192.168.1.0/24 to any port 3389 proto tcp && sudo ufw enable (192.168.1.0/24 stands for your management LAN; narrow it to a single admin host where you can).
- Enable two-factor authentication (2FA) on all remote access points if possible.
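The steps above change configuration; a practitioner also wants to confirm the result on the wire, since a sed that hits the wrong line leaves the server unchanged. The following Python script is an added example, not code from the original advisory or from the xrdp or FreeRDP projects. It performs the RDP security negotiation (client X.224 Connection Request carrying RDP_NEG_REQ, server Connection Confirm carrying RDP_NEG_RSP or RDP_NEG_FAILURE, per MS-RDPBCGR 2.2.1.1 and 2.2.1.2) and reports whether the server selects TLS, only offers legacy Standard RDP Security, or refuses a downgrade. The sample replies embedded in it are constructed for offline use; probe() talks to a real host, and the host name, port 3389 and the 5-second timeout are assumptions you supply.

```python
"""Added example (not from the original advisory): minimal RDP security
negotiation probe. Sends an X.224 Connection Request with RDP_NEG_REQ and
classifies the Connection Confirm (MS-RDPBCGR 2.2.1.1/2.2.1.2), so a host
can be checked for real TLS enforcement. Sample replies below are constructed."""
import socket
import struct

PROTOCOL_RDP = 0x0        # Standard RDP Security (RC4), no TLS
PROTOCOL_SSL = 0x1        # TLS
PROTOCOL_HYBRID = 0x2     # CredSSP (NLA) over TLS
PROTOCOL_HYBRID_EX = 0x8
NEG_REQ, NEG_RSP, NEG_FAILURE = 0x01, 0x02, 0x03   # RDP_NEG_* type bytes
FAILURE_CODES = {0x1: "SSL_REQUIRED_BY_SERVER", 0x2: "SSL_NOT_ALLOWED_BY_SERVER",
                 0x3: "SSL_CERT_NOT_ON_SERVER", 0x4: "INCONSISTENT_FLAGS",
                 0x5: "HYBRID_REQUIRED_BY_SERVER", 0x6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}


def _tpkt_x224(code, neg_block):
    """TPKT header + X.224 TPDU (code, dst-ref, src-ref, class 0) + RDP_NEG block."""
    x224 = bytes([code, 0, 0, 0, 0, 0]) + neg_block
    x224 = bytes([len(x224)]) + x224                 # X.224 length indicator
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def build_connection_request(requested=PROTOCOL_SSL | PROTOCOL_HYBRID):
    """Client -> server: Connection Request (0xE0) asking for `requested` protocols."""
    return _tpkt_x224(0xE0, struct.pack("<BBHI", NEG_REQ, 0, 8, requested))


def classify_connection_confirm(data):
    """Server -> client: map a raw Connection Confirm to (verdict, detail)."""
    if len(data) < 7 or data[0] != 3:
        return ("error", "not a TPKT frame")
    tpkt_len = struct.unpack(">H", data[2:4])[0]
    if tpkt_len != len(data):
        return ("error", f"TPKT length {tpkt_len} != {len(data)} bytes received")
    li, code = data[4], data[5]
    if (code & 0xF0) != 0xD0:
        return ("error", f"unexpected X.224 TPDU code 0x{code:02x}")
    body = data[11:5 + li]     # after LI and the 6-byte CC header
    if len(body) < 8:          # pre-negotiation server: only Standard RDP Security
        return ("weak", "no RDP_NEG_RSP, server only offers Standard RDP Security")
    ntype, _flags, length, value = struct.unpack("<BBHI", body[:8])
    if ntype == NEG_FAILURE:   # secure outcome when we asked for less than required
        return ("refused", FAILURE_CODES.get(value, f"failureCode 0x{value:08x}"))
    if ntype != NEG_RSP or length != 8:
        return ("error", f"malformed negotiation block, type 0x{ntype:02x}")
    if value == PROTOCOL_RDP:
        return ("weak", "server selected PROTOCOL_RDP (no TLS)")
    if value & PROTOCOL_SSL:
        return ("ok", "PROTOCOL_SSL (TLS)")
    if value & (PROTOCOL_HYBRID | PROTOCOL_HYBRID_EX):
        return ("ok", "PROTOCOL_HYBRID (CredSSP over TLS)")
    return ("error", f"unknown selectedProtocol 0x{value:08x}")


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during negotiation")
        buf += chunk
    return buf


def probe(host, port=3389, timeout=5.0):
    """Live check. 'tls' asks for TLS/CredSSP and should be 'ok'; 'legacy' asks for
    Standard RDP Security only and should be 'refused' when the server enforces TLS
    (xrdp security_layer=tls); a 'weak' legacy result means fallback is still allowed."""
    results = {}
    for name, requested in (("tls", PROTOCOL_SSL | PROTOCOL_HYBRID), ("legacy", PROTOCOL_RDP)):
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_connection_request(requested))
            hdr = _recv_exact(s, 4)
            total = struct.unpack(">H", hdr[2:4])[0]
            results[name] = classify_connection_confirm(hdr + _recv_exact(s, total - 4))
    return results


# Constructed sample Connection Confirms (0xD0) for offline use, not real captures.
SAMPLE_TLS_OK = _tpkt_x224(0xD0, struct.pack("<BBHI", NEG_RSP, 0, 8, PROTOCOL_SSL))
SAMPLE_LEGACY = _tpkt_x224(0xD0, struct.pack("<BBHI", NEG_RSP, 0, 8, PROTOCOL_RDP))
SAMPLE_REFUSED = _tpkt_x224(0xD0, struct.pack("<BBHI", NEG_FAILURE, 0, 8, 0x1))
SAMPLE_NO_NEG = _tpkt_x224(0xD0, b"")

if __name__ == "__main__":
    import sys
    for label, sample in (("tls", SAMPLE_TLS_OK), ("legacy", SAMPLE_LEGACY),
                          ("refused", SAMPLE_REFUSED), ("no-neg", SAMPLE_NO_NEG)):
        print(f"{label:8s} {classify_connection_confirm(sample)}")
    if len(sys.argv) > 1:      # usage: python3 rdp_negotiation_probe.py <host> [port]
        print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 3389))
```

Run it as python3 rdp_negotiation_probe.py 192.168.1.50 (file name and address are placeholders). A server with xrdp security_layer=tls should report tls as ok and legacy as refused with SSL_REQUIRED_BY_SERVER; with security_layer=negotiate the legacy request should come back weak, meaning a client can still downgrade to RC4-based Standard RDP Security even though TLS is available. The probe classifies only the negotiation; it does not validate the certificate the server presents in the TLS handshake that follows, so keep certificate checking enabled in the client as well.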
This issue mainly affects homelab setups that manage several machines through a KVM switch, particularly where the HDMI and USB console traffic is relayed over an unencrypted channel. Software versions cited by this advisory: xrdp before 0.9.12 and FreeRDP before 2.4.3. Update to current releases in any case, and after updating check that the server actually negotiates TLS and rejects a fallback to Standard RDP Security rather than trusting the version number alone.