Man In The Middle RDP Exploit

December 30, 2009 at 07:59:26
Specs: Windows Server
We had an audit finding that says our servers are vulnerable due to not using SSL as a transport layer for RDP-enabled servers. This seems dumb since nobody outside can get in to use the exploit, but whatever. Have any of you had this happen to you? What arguments did you use to get out of it? Or did you just do it?

I'm having issues getting a server set up with a Certificate Authority to do all this. It just seems like a waste of time, but I'm unsure what to do. Thanks

#1
December 30, 2009 at 08:29:31
Are you saying you only RDP internally and never allow server/workstation connections from the outside?

If so, the consultant isn't worth a penny with that recommendation.

You should ask the consultant if RDP is encrypted. It would be interesting to hear the response.

BTW, the exploit was against the 5.1/5.2 versions of RDP. We are on 6.1 now if on XP SP3/Vista SP1/2008.

#2
December 30, 2009 at 08:56:37
Only allowed from the outside once VPN'ed in. But yeah, otherwise it's all internal for techs.

The problem is, what I need is something in print that says OK, these servers will be OK if.....

We have 2000 servers, 2003, and a couple of 2008.

We all know we'll be fine, but I need to prove that to auditors and/or management, who are all asshats.

#3
December 30, 2009 at 09:08:10
What does this "consultant" think a VPN is? It would have to be hacked before RDP could then be hacked.

Does this consultant know SSL can also be hacked?

"can lead to plaintext injection attacks against SSLv3 and all current versions of TLS"
http://en.wikipedia.org/wiki/Transp...

#4
December 30, 2009 at 09:24:48
The argument is anyone can walk into a bank with a laptop, hook into the network and go to town. Not that anyone at a branch would let them, but again, asshats.

And with the SSL they will say "read further on, there is a recommended fix for the SSL vulnerability." Either way I lose. You see the rut I'm in.

#5
January 10, 2010 at 15:14:02
As Wanderer says, the consultant is garbage. Even if someone could walk into your network, plug in and pick up an IP address, enabling SSL for RDP (which is already encrypted) won't make a blind bit of difference. That's what Port Security is for on Cisco switches. Port security prevents unknown devices from accessing the secure LAN. Additionally, Cisco NAC and MS NAP also have this capability by using specific hygiene requirements for accessing the secure LAN. RDP access is prevented by access controls, not SSL, on the secure LAN.

I'm not even sure if it's possible to introduce a PKI for RDP. I know RDP can use TS Gateways piped over SSL, which is a feature of Windows 2008, as I've installed them before, but if this guy is a pen tester or some sort of security specialist he's not worth the money you're paying him.

Additionally, always remember the majority of successful attacks come from inside the secure LAN. Don't ever discount malicious users. And just for the record, this isn't a MITM attack. A MITM attack is a type of exploit that redirects a user via another malicious or poisoned source masquerading as a legitimate or trusted source.

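The two points the thread argues over in #1 and #5 (whether RDP "is already encrypted", and whether the finding is really about a man-in-the-middle) can be settled on the wire. The finding concerns the standard RDP security layer: the session is encrypted, but the client does not authenticate the server it is handed the session key by, which is what the RDP 5.x MITM tools exploited; switching the listener's security layer to SSL/TLS is what gives the client a certificate to verify. The script below is an added example, not code from any poster or from Microsoft: it sends an X.224 Connection Request carrying an RDP negotiation request (MS-RDPBCGR section 2.2.1.1) that asks for standard RDP security only, then decodes the Connection Confirm (section 2.2.1.2) to report whether the server agrees, refuses and demands TLS, or predates negotiation altogether. The host name is whatever you pass on the command line, and the sample Connection Confirm byte strings are constructed for the example rather than captured from a real server.

```python
"""Probe an RDP listener for the security layer it will negotiate.

Sends an X.224 Connection Request carrying an RDP_NEG_REQ (MS-RDPBCGR
2.2.1.1) and decodes the Connection Confirm (2.2.1.2). Asking for
standard RDP security only (requested_protocols = 0) shows whether the
server still accepts the mode the audit finding is about.
"""
import socket
import struct
import sys

# requestedProtocols / selectedProtocol flags
PROTOCOL_RDP = 0x00000000     # standard RDP security: client does not authenticate the server
PROTOCOL_SSL = 0x00000001     # TLS transport
PROTOCOL_HYBRID = 0x00000002  # TLS + CredSSP (Network Level Authentication)

TYPE_RDP_NEG_REQ = 0x01
TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03

FAILURE_CODES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",
    6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols):
    """TPKT header + X.224 Connection Request TPDU carrying an RDP_NEG_REQ."""
    neg_req = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    # X.224 CR: LI (bytes after LI), CR code 0xE0, DST-REF, SRC-REF, class 0
    x224 = struct.pack(">BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    tpkt = struct.pack(">BBH", 3, 0, 4 + len(x224))
    return tpkt + x224


def parse_connection_confirm(data):
    """Decode the X.224 Connection Confirm and report what the server chose.

    selected_protocol: PROTOCOL_* value the server accepted, or None on failure
    failure: RDP_NEG_FAILURE code name, or None
    standard_rdp_security: True when the server will talk standard RDP security
    """
    if len(data) < 11 or data[0] != 0x03:
        raise ValueError("not a TPKT-framed X.224 PDU")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length mismatch")
    li, code = data[4], data[5]
    if code & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    if li == 6:
        # No rdpNegData at all: the server does not implement negotiation
        # (Windows 2000 Terminal Services answers this way) and the client
        # must use standard RDP security.
        return {"selected_protocol": PROTOCOL_RDP, "failure": None,
                "standard_rdp_security": True}
    if len(data) < 19:
        raise ValueError("truncated rdpNegData")
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", data[11:19])
    if neg_len != 8:
        raise ValueError("bad rdpNegData length")
    if neg_type == TYPE_RDP_NEG_RSP:
        return {"selected_protocol": value, "failure": None,
                "standard_rdp_security": value == PROTOCOL_RDP}
    if neg_type == TYPE_RDP_NEG_FAILURE:
        return {"selected_protocol": None,
                "failure": FAILURE_CODES.get(value, "UNKNOWN_%d" % value),
                "standard_rdp_security": False}
    raise ValueError("unexpected rdpNegData type 0x%02x" % neg_type)


def describe(result):
    """One-line verdict for a parse_connection_confirm() result."""
    if result["failure"]:
        return "server refused: %s" % result["failure"]
    names = {PROTOCOL_RDP: "standard RDP security",
             PROTOCOL_SSL: "TLS",
             PROTOCOL_HYBRID: "TLS + NLA (CredSSP)"}
    chosen = names.get(result["selected_protocol"],
                       "protocol 0x%x" % result["selected_protocol"])
    if result["standard_rdp_security"]:
        return "server accepts %s (audit finding applies)" % chosen
    return "server selected %s" % chosen


def probe(host, port=3389, requested_protocols=PROTOCOL_RDP, timeout=5.0):
    """Send one request to a live server and decode its answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request(requested_protocols))
        data = sock.recv(4)  # TPKT header carries the total length
        if len(data) < 4:
            raise ValueError("short read on TPKT header")
        total = struct.unpack(">H", data[2:4])[0]
        while len(data) < total:
            chunk = sock.recv(total - len(data))
            if not chunk:
                break
            data += chunk
    return parse_connection_confirm(data)


# Constructed Connection Confirm samples (hypothetical, not captured from a real host)
SAMPLE_LEGACY = bytes.fromhex("0300000b" "06d00000123400")  # no rdpNegData
SAMPLE_ACCEPT_RDP = bytes.fromhex("03000013" "0ed00000123400" "0200080000000000")
SAMPLE_SSL_REQUIRED = bytes.fromhex("03000013" "0ed00000123400" "0300080001000000")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(describe(probe(sys.argv[1])))
    else:
        for sample in (SAMPLE_LEGACY, SAMPLE_ACCEPT_RDP, SAMPLE_SSL_REQUIRED):
            print(describe(parse_connection_confirm(sample)))
```

Run it as `python rdp_probe.py <server>` against one of the 2003 or 2008 boxes. An RDP_NEG_RSP selecting standard RDP security, or an 11-byte Confirm with no negotiation data, means the server will still talk the mode the finding is about; SSL_REQUIRED_BY_SERVER (or HYBRID_REQUIRED_BY_SERVER) means it will not. On 2003 SP1 and later the setting behind this is the SecurityLayer DWORD (0 = RDP, 1 = Negotiate, 2 = SSL) under HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp, together with a server certificate bound to the listener (SSLCertificateSHA1Hash); on 2008 the same value is exposed as Win32_TSGeneralSetting.SecurityLayer. Note that Negotiate still accepts a client that asks for standard RDP security, so only SecurityLayer = 2 closes the finding, and Windows 2000 Terminal Services has no TLS option at all.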