BugTraq
Re: Microsoft Terminal Services vulnerable to MITM-attacks. Feb 08 2011 02:15PM
sam vaughey gmail com (2 replies)
RE: Microsoft Terminal Services vulnerable to MITM-attacks. Feb 09 2011 02:47PM
Jim Harrison (Jim isatools org)
Re: Microsoft Terminal Services vulnerable to MITM-attacks. Feb 09 2011 12:45PM
Ansgar Wiechers (bugtraq planetcobalt net) (1 replies)
RE: Microsoft Terminal Services vulnerable to MITM-attacks. Feb 09 2011 09:24PM
Ziots, Edward (EZiots Lifespan org)
If someone 0wns your pipe between you and the Terminal Server(s) then
you got bigger problems then the existing MITM attack. Whether the
attack sets it up via ARP spoofing, or other trickery.

If you are really worried about this, encrypt your communications via
IPSEC.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:eziots (at) lifespan (dot) org [email concealed]
Cell:401-639-3505

-----Original Message-----
From: Ansgar Wiechers [mailto:bugtraq (at) planetcobalt (dot) net [email concealed]]
Sent: Wednesday, February 09, 2011 7:46 AM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Re: Microsoft Terminal Services vulnerable to MITM-attacks.

On 2011-02-08 sam.vaughey (at) gmail (dot) com [email concealed] wrote:
> Does this issue still exist ?

Depends on the configuration. Unless configured to require network level
authentication, RDP is still prone to MitM attacks AFAIK.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus