Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1794

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2005-1794
Last Modified 18 Jul 2011 09:27:37
Published 01 Jun 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1794

Summary

Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.

Vulnerable Systems

Application

  • Microsoft Remote Desktop Connection 5.1.2600.2180

  • Microsoft Windows Terminal Services Using Rdp 5.2


References

BID - 13818

MISC - http://www.oxid.it/downloads/rdp-gbu.pdf

SECUNIA - 15605


Last Updated: 27 May 2016 10:40:18