webthat

Originally posted by DS3Circuit: Quote: During extensive investigation of the Remote Desktop Protocol (RDP), the protocol used to connect to Windows Terminal Services, we (Cendio Systems) have found that although the information sent over the network is encrypted, there is no verification of the identity of the server when setting up the encryption keys for the session. This means RDP is vulnerable to Man In The Middle attacks (from here on referred to as MITM attacks). The attack works as follows ............. We've tested this vulnerability against Windows 2000 Terminal Server, Windows 2000 Advanced Server and the upcoming Windows Server 2003 using both the clients delivered with Windows 2000 and the latest downloadable RDP client from Microsoft. We have reason to believe that the vulnerability exists when running both RDP version 4 and 5, and regardless of terminal server mode. We have developed software that can be used to exploit this vulnerability, but we choose not to release it. Apparently Microsoft is now taking this threat seriously. Windows Server 2003 SP1 will include SSL-based Server Authentication for Terminal Servers. The new terminal services (remote desktop) client software that is required for SSL will work with Windows 2000, 2003, and XP. The MSI for the new software is, of course, included. I hope they release a new version of the web client. It is SO much easier to deploy on a large scale. Windows Server 2003 SP1 is now in "Release Candidate" mode, but the MSDN article I found references Beta 1. So this solution has been available (albeit in beta) for a little while now. See the following URL for more information: http://support.microsoft.com/default.aspx?scid=kb;en-us;555188