Bugtraq: Re: Microsoft Terminal Services vulnerable to MITM-attacks.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Microsoft Terminal Services vulnerable to MITM-attacks.

From: Erik Forsberg <forsberg () cendio se>
Date: 03 Apr 2003 16:49:51 +0200

"Larry Seltzer" <larry () larryseltzer com> writes:

RDP is vulnerable to Man In The Middle attacks (from here on referred to as MITM

attacks). The attack works as follows:

Do you know if ICA (Citrix products) is also vulnerable?


We haven't investigated the ICA protocol, so basically, we don't
know. However, a Google search on "secureica man in the middle attack"
gives some rather interesting results. 

There seems to be many different ways of connecting to Citrix
MetaFrame servers. SecureICA is only one of them.

\EF
-- 
Erik Forsberg                Telephone: +46-13-21 46 00
Cendio Systems               Web: http://www.thinlinc.com

By Date By Thread

Current thread:

Microsoft Terminal Services vulnerable to MITM-attacks. Erik Forsberg (Apr 02)
- RE: Microsoft Terminal Services vulnerable to MITM-attacks. Larry Seltzer (Apr 03)
  - Re: Microsoft Terminal Services vulnerable to MITM-attacks. Erik Forsberg (Apr 03)
  - RE: Microsoft Terminal Services vulnerable to MITM-attacks. Devin Heitmueller (Apr 03)
    - Re: Microsoft Terminal Services vulnerable to MITM-attacks. Henrik Storner (Apr 04)
- <Possible follow-ups>
- Re: Microsoft Terminal Services vulnerable to MITM-attacks. Carlos Branco (Apr 10)