
False positives in xrdp weak credential scanning

Open maoning opened this issue 5 months ago • 5 comments

Describe the bug

When Hydra scans an xrdp service, it always reports any username/password pair used to be valid, while printing out an error "[ERROR] freerdp: The connection failed to establish." at the same time (even with the correct credential).

I've set up a Debian vm with xrdp. When I used Microsoft Remote Desktop to connect to it, the client behaviour was a bit unexpected (though I think it could be an x?rdp protocol quirk):

  1. If the credentials are correct, I can directly log into my Debian instance.
  2. If the credentials are incorrect, the initial connection is still established, then I get redirected to the xorg login portal: [screenshots]

I suspect this xrdp behaviour caused Hydra to always assume any credential pair is valid, because the initial connection is always established.

To Reproduce

Steps to reproduce the behavior:

  1. Enable xrdp on a linux vm: https://linuxize.com/post/how-to-install-xrdp-on-debian-10/
  2. Scan that vm with hydra: hydra -l root -p 'root' <linux_vm_ip> rdp, using any username/password

Expected behavior

Ideally Hydra reports valid credential only if it can actually log into the Debian instance. If xrdp is not officially supported, it would be great to have a way to detect and skip xrdp services so that Hydra doesn't generate false positive findings.

Desktop (please complete the following information):

  • OS: Hydra is running in dockerized environment, using openjdk:11-jdk-bullseye as the base image, and installed via apt-get install -y hydra, which installed libfreerdp2-2/now 2.3.0+dfsg1-2+deb11u1 amd64 [installed,local] as part of the dependencies.
  • hydra version v9.1

maoning, Jan 10 '24 21:01
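Added example, not part of the original issue and not Hydra's own code: a triage filter a scan pipeline could run over Hydra's rdp output so that a "valid" result reported alongside the freerdp connection error quoted above is held for manual verification instead of being filed as a finding. The sample output is constructed, the `triage` helper is hypothetical, and one Hydra run per target is assumed because the error line names no host.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "host port login password")

# Shape of a Hydra result line for the rdp module.
FINDING_RE = re.compile(
    r"^\[(\d+)\]\[rdp\]\s+host:\s+(\S+)\s+login:\s+(\S+)\s+password:\s+(.*)$"
)
# Error text quoted in the issue.
FREERDP_ERROR = "[ERROR] freerdp: The connection failed to establish."

# Constructed sample output (documentation addresses), not captured from a real scan.
XRDP_RUN = """\
[DATA] attacking rdp://192.0.2.10:3389/
[ERROR] freerdp: The connection failed to establish.
[3389][rdp] host: 192.0.2.10   login: root   password: root
1 of 1 target successfully completed, 1 valid password found
"""
CLEAN_RUN = """\
[DATA] attacking rdp://192.0.2.20:3389/
[3389][rdp] host: 192.0.2.20   login: admin   password: Winter 2024
1 of 1 target successfully completed, 1 valid password found
"""


def triage(output_lines):
    """Return (trusted, suspect) rdp findings for one single-target run.

    Assumption: if the freerdp connection error appears anywhere in the run,
    every rdp result from that run is unverified, as described in the issue.
    """
    findings, saw_error = [], False
    for raw in output_lines:
        line = raw.strip()
        if FREERDP_ERROR in line:
            saw_error = True
            continue
        match = FINDING_RE.match(line)
        if match:
            port, host, login, password = match.groups()
            findings.append(Finding(host, int(port), login, password))
    return ([], findings) if saw_error else (findings, [])


if __name__ == "__main__":
    for name, run in (("xrdp", XRDP_RUN), ("clean", CLEAN_RUN)):
        trusted, suspect = triage(run.splitlines())
        print(name, "trusted:", trusted, "needs manual check:", suspect)
```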