[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Microsoft Terminal Services vulnerable to MITM-attacks.
- To: <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: RE: Microsoft Terminal Services vulnerable to MITM-attacks.
- From: "Ziots, Edward" <EZiots@xxxxxxxxxxxx>
- Date: Wed, 9 Feb 2011 16:24:00 -0500
If someone 0wns your pipe between you and the Terminal Server(s) then
you got bigger problems then the existing MITM attack. Whether the
attack sets it up via ARP spoofing, or other trickery.
If you are really worried about this, encrypt your communications via
IPSEC.
Z
Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:eziots@xxxxxxxxxxxx
Cell:401-639-3505
-----Original Message-----
From: Ansgar Wiechers [mailto:bugtraq@xxxxxxxxxxxxxxxx]
Sent: Wednesday, February 09, 2011 7:46 AM
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Microsoft Terminal Services vulnerable to MITM-attacks.
On 2011-02-08 sam.vaughey@xxxxxxxxx wrote:
> Does this issue still exist ?
Depends on the configuration. Unless configured to require network level
authentication, RDP is still prone to MitM attacks AFAIK.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq