lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 10 Apr 2003 14:18:37 -0000 From: Carlos Branco <cb@...-is-on.com> To: bugtraq@...urityfocus.com Subject: Re: Microsoft Terminal Services vulnerable to MITM-attacks. In-Reply-To: <uod6k5g9fr.fsf@...tname.lkpg.cendio.se> >This means RDP is vulnerable to Man In The Middle attacks (from here >on referred to as MITM attacks). Great piece of research by Erik Forsberg and his team. However, this vulnerability does NOT affect Remote Desktop Web connection (aka TSAC), when used with SSL. This is because the RDP web client would rely on the Server-Side SSL cert to prove the authenticity of the server, making MTM attacks "virtually" impossible. Anyway, if you're deploying RDP and are worried about this exploit, try running it over SSL. More information can be found at: //www.microsoft.com/windows2000/server/evaluation/news/bulletins/tsac.asp Carlos Branco, CISSP
Powered by blists - more mailing lists