Message-ID: <19E8C280-6F18-11D9-AC3D-000393C92756@mac.com>
From: swtornio at mac.com (Steve Tornio)
Subject: [lists] Terminal Server vulnerabilities


On Jan 25, 2005, at 2:38 PM, Curt Purdy wrote:

> Daniel Sichel wrote:
> <snip>
>> Naturally I
>> don't like this answer because of horror stories I have heard
>> about Terminal server. They claim there are no unfixed
>> vulnerabilities to Terminal Server on Windows Server 2000
>> Service Pack 4.
>
> The problem with terminal server is not any vulnerabilities that can be
> exploited, but the fact that administrator can be bruteforced (6 attempts
> followed by reconnect) and that it is screaming its existence on port 3889.
> If you use it, definitely change the port in the registry.

Of course, one of the very first things you should do on a Windows box 
is rename the administrator account, so this kind of blind 
brute-forcing is not possible.

Also, the problem you describe can be exacerbated in that administrator 
can be brute-forced without creating a log entry, by attempting 5 
logons and disconnecting before Windows disconnects and logs after the 
sixth failure.  This was covered in a talk at Black Hat 2003, when Ryan 
Russell and Tim Mullens released TSGrinder.  I don't know if they 
continued work on it.
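
Added example, not part of the original message: since the attempts described above leave no logon-failure entry, this sketch looks for them in connection records instead, assuming a firewall or flow log records each session. The CSV layout, the sample lines, the thresholds and the function name are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (hypothetical firewall CSV export):
# session start, source address, destination port, session length in seconds.
SAMPLE_LOG = """\
2005-01-25T14:00:00,198.51.100.7,3389,9
2005-01-25T14:00:12,198.51.100.7,3389,8
2005-01-25T14:00:23,198.51.100.7,3389,9
2005-01-25T14:00:35,198.51.100.7,3389,7
2005-01-25T14:00:46,198.51.100.7,3389,8
2005-01-25T14:03:00,192.0.2.20,3389,1840
2005-01-25T14:05:00,203.0.113.5,3389,6
2005-01-25T15:30:00,203.0.113.5,3389,5
2005-01-25T14:10:00,198.51.100.9,445,3
"""

def find_reconnect_bursts(log_text, port, max_session=30, min_sessions=4,
                          window=timedelta(minutes=5)):
    """Return {source: count} for sources that opened at least min_sessions
    short sessions (<= max_session seconds) to `port` inside one window.
    `port` is whatever the Terminal Server listener is configured to use."""
    starts = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        try:
            ts, src, dport, dur = row
            when, dport, dur = datetime.fromisoformat(ts), int(dport), int(dur)
        except ValueError:
            continue  # skip blank or malformed lines
        if dport == port and dur <= max_session:
            starts[src].append(when)
    flagged = {}
    for src, times in starts.items():
        times.sort()
        lo = best = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # slide the window start forward
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_sessions:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, n in find_reconnect_bursts(SAMPLE_LOG, port=3389).items():
        print(f"{src}: {n} short sessions inside one window")
```

The thresholds need tuning against normal usage: legitimate users who reconnect often produce short sessions too, while the long interactive session from 192.0.2.20 in the sample is ignored.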

