Remote Desktop Protocol Network Security Advisory

Summary
The aim of this advisory is to warn Remote Desktop users about the feasibility of invisible man-in-the-middle attacks against Microsoft Terminal Services. This is an update of Erik Forsberg’s advisory released in April 2003 available at the following link: http://www.securityfocus.com/archive/1/317244. In short, mitm attacks on RDP protocol are still possible and they can be completely invisible for Terminal Services users.

Systems Affected
This advisory is born after experiments and researches on the following environment:
– Terminal Server software: Microsoft Windows Terminal Services using RDP v5.2
– Terminal Server Client software: Microsoft Remote Desktop for Windows XP v5.1.2600.2180

File (PDF) rdp-gbu.pdf 

Leave a Reply