Test Kennung:	1.3.6.1.4.1.25623.1.0.902658
Kategorie:	Windows
Titel:	Microsoft RDP Server Private Key Information Disclosure Vulnerability
Zusammenfassung:	Remote Desktop Protocol server is prone to an information disclosure vulnerability.
Beschreibung:	Summary: Remote Desktop Protocol server is prone to an information disclosure vulnerability. Vulnerability Insight: The flaw is due to RDP server which stores an RSA private key used for signing a terminal server's public key in the mstlsapi.dll library, which allows remote attackers to calculate a valid signature and further perform a man-in-the-middle (MITM) attacks to obtain sensitive information. Vulnerability Impact: Successful exploitation could allow remote attackers to gain sensitive information. Affected Software/OS: All Microsoft-compatible RDP (5.2 or earlier) software. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. A Workaround is to connect only to terminal services over trusted networks. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1794 BugTraq ID: 13818 http://www.securityfocus.com/bid/13818 http://www.oxid.it/downloads/rdp-gbu.pdf https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12441 http://secunia.com/advisories/15605/
Copyright	Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.