lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 9 Feb 2011 16:24:00 -0500
From: "Ziots, Edward" <EZiots@...espan.org>
To: <bugtraq@...urityfocus.com>
Subject: RE: Microsoft Terminal Services vulnerable to MITM-attacks.

If someone 0wns your pipe between you and the Terminal Server(s) then
you got bigger problems then the existing MITM attack. Whether the
attack sets it up via ARP spoofing, or other trickery. 

If you are really worried about this, encrypt your communications via
IPSEC. 

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:eziots@...espan.org
Cell:401-639-3505


-----Original Message-----
From: Ansgar Wiechers [mailto:bugtraq@...netcobalt.net] 
Sent: Wednesday, February 09, 2011 7:46 AM
To: bugtraq@...urityfocus.com
Subject: Re: Microsoft Terminal Services vulnerable to MITM-attacks.

On 2011-02-08 sam.vaughey@...il.com wrote:
> Does this issue still exist ? 

Depends on the configuration. Unless configured to require network level
authentication, RDP is still prone to MitM attacks AFAIK.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ