Any attacker in a privileged network location can use the key for this attack. This flaw exists because the RDP server stores a publicly known hard-coded RSA private key. A MiTM attack of this nature would allow the attacker to obtain any sensitive information transmitted, including authentication credentials. An attacker with the ability to intercept traffic from the RDP server can establish encryption with the client and server without being detected. The RDP client makes no effort to validate the identity of the server when setting up encryption. Description The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-the-middle (MiTM) attack. Synopsis It may be possible to get access to the remote host.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |