lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <200501251439531.SM02472@wolfcub3kv> From: purdy at tecman.com (Curt Purdy) Subject: [lists] Terminal Server vulnerabilities Daniel Sichel wrote: <snip> > Naturally I > don't like this answer because of horror stories I have heard > about Terminal server. They claim there are no unfixed > vulnerabilities to Terminal Server on Windows Server 2000 > Service Pack 4. The problem with terminal server is not any vulnerablities that can be exploited, but the fact that administrator can be bruteforced (6 attempts followed by reconnect) and that it is screaming its existence on port 3889. If you use it, definitely change the port in the registry. Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA Information Security Engineer DP Solutions ----------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity czar Richard Clarke
Powered by blists - more mailing lists