danblee.com

Tutorials & Knowledge Base Articles for System Administrators who wear many, many hats.

Vulnerability: This host is running Remote Desktop Protocol server and is prone to information disclosure vulnerability.

by Leave a Comment

I was dealing with a security vulnerability and wasn’t having much luck finding how to fix this issue online. I finally came across a few website posts that got me a little closer to what I was looking for. The full solution can be found below:

Here’s the report:

Summary
This host is running Remote Desktop Protocol server and is prone to information disclosure vulnerability.

Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.

Impact
Successful exploitation could allow remote attackers to gain sensitive information.

Impact Level: System/Application

Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

A Workaround is to connect only to terminal services over trusted networks.

Affected Software/OS
All Microsoft-compatible RDP (5.2 or earlier) softwares

Vulnerability Insight
The flaw is due to RDP server which stores an RSA private key used for signing a terminal server’s public key in the mstlsapi.dll library, which allows remote attackers to calculate a valid signature and further perform a man-in-the-middle (MITM) attacks to obtain sensitive information.

Vulnerability Detection Method
Details: Microsoft RDP Server Private Key Information Disclosure Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.902658)

Version used: $Revision: 1559 $

References
CVE: CVE-2005-1794
BID: 13818
Other: http://secunia.com/advisories/15605/
http://xforce.iss.net/xforce/xfdb/21954
http://www.oxid.it/downloads/rdp-gbu.pdf
http://sourceforge.net/p/xrdp/mailman/message/32732056

Here’s the solution:

  1. Start > Administrative Tools > Remote Desktop Connection Configuration (Or something similar to that)
  2. Right click on RDP-Tcp and go to Properties
  3. In General, set the layer to SSL TS1, Set the level to High, and choose a public SSL Cert if you’ve got one.

Screenshot:

That should do it. Let me know if this works the same for you. Cheers.