|
|
|
|
|
|
|
| |
Microsoft Windows Remote Desktop Protocol Server Man in the Middle Weakness |
|
| This script is Copyright (C) 2005-2010 Tenable Network Security, Inc. |
|
|
| Family | Windows |
| Nessus Plugin ID | 18405 (tssvc_mim.nasl) |
| Bugtraq ID | 13818
|
| CVE ID | CVE-2005-1794
|
|
| Description: |
Synopsis :
It may be possible to get access to the remote host.
Description :
The remote version of the Remote Desktop Protocol Server (Terminal
Service) is vulnerable to a man in the middle (MiTM) attack. The RDP client
makes no effort to validate the identity of the server when setting
up encryption. An attacker with the ability to intercept traffic
from the RDP server can establish encryption with the client and server
without being detected. A MiTM attack of this nature would allow the
attacker to obtain any sensitive information transmitted, including
authentication credentials.
This flaw exists because the RDP server stores a hardcoded RSA
private key in the mstlsapi.dll library. Any local user with
access to this file (on any Windows system) can retrieve the
key and use it for this attack.
See also :
http://www.oxid.it/downloads/rdp-gbu.pdf
http://technet.microsoft.com/en-us/library/cc782610.aspx
Solution :
Force the use of SSL as a transport layer for this service.
Risk factor :
Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
|
|
|
|
|
|
