[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CBD73348AD43344DAE3736A72831CDC909D0E089@LSCOEXCH1.lsmaster.lifespan.org>
Date: Wed, 9 Feb 2011 16:24:00 -0500
From: "Ziots, Edward" <EZiots@...espan.org>
To: <bugtraq@...urityfocus.com>
Subject: RE: Microsoft Terminal Services vulnerable to MITM-attacks.
If someone 0wns your pipe between you and the Terminal Server(s) then
you got bigger problems then the existing MITM attack. Whether the
attack sets it up via ARP spoofing, or other trickery.
If you are really worried about this, encrypt your communications via
IPSEC.
Z
Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:eziots@...espan.org
Cell:401-639-3505
-----Original Message-----
From: Ansgar Wiechers [mailto:bugtraq@...netcobalt.net]
Sent: Wednesday, February 09, 2011 7:46 AM
To: bugtraq@...urityfocus.com
Subject: Re: Microsoft Terminal Services vulnerable to MITM-attacks.
On 2011-02-08 sam.vaughey@...il.com wrote:
> Does this issue still exist ?
Depends on the configuration. Unless configured to require network level
authentication, RDP is still prone to MitM attacks AFAIK.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
Powered by blists - more mailing lists