| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: swtornio at mac.com (Steve Tornio) Subject: [lists] Terminal Server vulnerabilities On Jan 25, 2005, at 2:38 PM, Curt Purdy wrote: > Daniel Sichel wrote: > <snip> >> Naturally I >> don't like this answer because of horror stories I have heard >> about Terminal server. They claim there are no unfixed >> vulnerabilities to Terminal Server on Windows Server 2000 >> Service Pack 4. > > The problem with terminal server is not any vulnerablities that can be > exploited, but the fact that administrator can be bruteforced (6 > attempts > followed by reconnect) and that it is screaming its existence on port > 3889. > If you use it, definitely change the port in the registry. Of course, one of the very first things you should do on a Windows box is rename the administrator account, so this kind of blind brute-forcing is not possible. Also, the problem you describe can be exacerbated in that administrator can be brute-forced without creating a log entry, by attempting 5 logons and disconnecting before Windows disconnects and logs after the sixth failure. This was covered in a talk at Black Hat 2003, when Ryan Russell and Tim Mullens released TSGrinder. I don't know if they continued work on it.
Powered by blists - more mailing lists