
danblee.com

Tutorials & Knowledge Base Articles for System Administrators who wear many, many hats.


Vulnerability: This host is running Remote Desktop Protocol server and is prone to information disclosure vulnerability.

September 24, 2015 by Dan B. Lee

I was dealing with a security vulnerability and wasn’t having much luck finding how to fix this issue online. I finally came across a few website posts that got me a little closer to what I was looking for. The full solution can be found below:

Here’s the report:

Summary
This host is running Remote Desktop Protocol server and is prone to information disclosure vulnerability.

Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.

Impact
Successful exploitation could allow remote attackers to gain sensitive information.

Impact Level: System/Application

Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

A Workaround is to connect only to terminal services over trusted networks.

Affected Software/OS
All Microsoft-compatible RDP (5.2 or earlier) softwares

Vulnerability Insight
The flaw is due to RDP server which stores an RSA private key used for signing a terminal server’s public key in the mstlsapi.dll library, which allows remote attackers to calculate a valid signature and further perform a man-in-the-middle (MITM) attacks to obtain sensitive information.

Vulnerability Detection Method
Details: Microsoft RDP Server Private Key Information Disclosure Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.902658)

Version used: $Revision: 1559 $

References
CVE: CVE-2005-1794
BID: 13818
Other: http://secunia.com/advisories/15605/
http://xforce.iss.net/xforce/xfdb/21954
http://www.oxid.it/downloads/rdp-gbu.pdf
http://sourceforge.net/p/xrdp/mailman/message/32732056

Here’s the solution:

  1. Start > Administrative Tools > Remote Desktop Connection Configuration (Or something similar to that)
  2. Right click on RDP-Tcp and go to Properties
  3. In General, set the security layer to SSL (TLS 1.0), set the encryption level to High, and choose a public SSL cert if you’ve got one.

That should do it. Let me know if this works the same for you. Cheers.
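
The same two settings from the steps above can be audited, and optionally set, from an elevated PowerShell prompt. This is an added example and not part of the original post; it assumes the default RDP-Tcp listener and that Group Policy is not overriding these values, and the function name Get-RdpListenerSecurity is hypothetical.

```powershell
# Added example: audit (and with -Fix, set) the RDP-Tcp listener security
# settings that the GUI steps change. Run elevated.
param([switch]$Fix)

# Listener settings live here; assumes the default listener name RDP-Tcp.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Registry value -> label shown in the RDP-Tcp Properties dialog.
$layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }
$levelNames = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

function Get-RdpListenerSecurity {
    $p = Get-ItemProperty -Path $key
    $layer = $p.SecurityLayer
    $level = $p.MinEncryptionLevel
    [pscustomobject]@{
        SecurityLayer   = if ($null -eq $layer) { 'not set' } else { $layerNames[[int]$layer] }
        EncryptionLevel = if ($null -eq $level) { 'not set' } else { $levelNames[[int]$level] }
        # Only layer 2 forces TLS; 0 and 1 still allow the legacy RDP
        # security layer that the scanner finding is about.
        LayerOk         = ($null -ne $layer -and [int]$layer -eq 2)
        LevelOk         = ($null -ne $level -and [int]$level -ge 3)
        # True when a certificate thumbprint has been bound to the listener.
        CertBound       = [bool]$p.SSLCertificateSHA1Hash
    }
}

$before = Get-RdpListenerSecurity
$before | Format-List

if ($Fix -and -not ($before.LayerOk -and $before.LevelOk)) {
    # Equivalent of step 3: security layer SSL (TLS 1.0), encryption level High.
    Set-ItemProperty -Path $key -Name SecurityLayer      -Value 2 -Type DWord
    Set-ItemProperty -Path $key -Name MinEncryptionLevel -Value 3 -Type DWord
    Get-RdpListenerSecurity | Format-List
}
```

Clients that cannot negotiate TLS will fail to connect once the layer is forced to SSL, so test from a representative client before closing your current session.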

Filed Under: Security Tagged With: OpenVAS, RDP Security, Security, Vulnerability
