Message-ID: <BAY21-F26933A8446BB9147C494739B860@phx.gbl>
From: builder173 at hotmail.com (Bob the Builder)
Subject: Re:  Terminal Server vulnerabilities

Are any of the vulnerabilities in this Google search even vaguely current?
They all seem to be at least a couple of years old; I don't recall anything
recent. Posting NT 4 and pre-Win2k SP3 issues hardly contradicts the MS
statement that there are no current issues. The main security issue with
Terminal Services that I see is its susceptibility to brute force password
attacks. If you are really really paranoid about running Terminal Services
then tunnel it over either SSH or IPSec. I would point out that there have
been root compromises in SSH fairly recently too!

Also, as a usability aside, make sure you set session timeouts or you risk
finding yourself accidentally locked out of the box if you have too many
dodgy disconnected sessions. I usually set active:1day, inactive:1hr,
disconnected:10mins. That way if the box is monkeying about or people leave
sessions open you can still get in - useful if the box is too far away to go
to the console.

Cheers,

Bob

-----Original Message-----
From: Daniel H. Renner [mailto:dan@...angelescomputerhelp.com]
Sent: 25 January 2005 07:19
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Re: Terminal Server vulnerabilities


Original message:
>Date: Mon, 24 Jan 2005 15:52:55 -0800
>From: "Daniel Sichel" <daniels@...derosatel.com>
>
>They claim there are no unfixed vulnerabilities to Terminal Server on 
>Windows Server 2000 Service Pack 4.
>
>I find that hard to believe and I know you guys will know if they are full 
>of it, or they are correct. Please let me know ASAP of any CURRENT 
>vulnerabilities in Terminal Server.

Dan,

Try here for starters: 
http://www.google.com/search?q=%22windows+terminal+server%22+exploit&sourceid=mozilla&start=0&start=0&ie=utf-8&oe=utf-8
(2,310 results)


