Re: Microsoft Terminal Services vulnerable to MITM-attacks.

From: Carlos Branco (cb@all-is-on.com)
Date: Thu Apr 10 2003 - 07:18:37 PDT

Next message: Serban Murariu: "Re: Exploit Code Released for Apache 2.x Memory Leak"

Previous message: nesumin: "Re: Unchecked Buffer in Opera 7.02"
Maybe in reply to: Erik Forsberg: "Microsoft Terminal Services vulnerable to MITM-attacks."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) In-Reply-To: <uod6k5g9fr.fsfat_private> >This means RDP is vulnerable to Man In The Middle attacks (from here >on referred to as MITM attacks). Great piece of research by Erik Forsberg and his team. However, this vulnerability does NOT affect Remote Desktop Web connection (aka TSAC), when used with SSL. This is because the RDP web client would rely on the Server-Side SSL cert to prove the authenticity of the server, making MTM attacks "virtually" impossible. Anyway, if you're deploying RDP and are worried about this exploit, try running it over SSL. More information can be found at: //www.microsoft.com/windows2000/server/evaluation/news/bulletins/tsac.asp Carlos Branco, CISSP

Next message: Serban Murariu: "Re: Exploit Code Released for Apache 2.x Memory Leak"
Previous message: nesumin: "Re: Unchecked Buffer in Opera 7.02"
Maybe in reply to: Erik Forsberg: "Microsoft Terminal Services vulnerable to MITM-attacks."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 10 2003 - 17:25:21 PDT