Bugtraq: RE: Microsoft Terminal Services vulnerable to MITM-attacks.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

RE: Microsoft Terminal Services vulnerable to MITM-attacks.

From: Devin Heitmueller <dheitmueller () netilla com>
Date: 03 Apr 2003 17:39:03 -0500

The ICA Protocol is also vulnerable.  They use Diffe-Hellman for key
agreement.  But there is no PKI in the protocol to verify the identity
of the server.

It's harder (because less of ICA has been reversed engineered), but it
is possible.

On Wed, 2003-04-02 at 19:09, Larry Seltzer wrote:

RDP is vulnerable to Man In The Middle attacks (from here on referred to as MITM

attacks). The attack works as follows:

Do you know if ICA (Citrix products) is also vulnerable?

LJS

-- 
Devin Heitmueller
Senior Software Engineer
Netilla Networks Inc

By Date By Thread

Current thread:

Microsoft Terminal Services vulnerable to MITM-attacks. Erik Forsberg (Apr 02)
- RE: Microsoft Terminal Services vulnerable to MITM-attacks. Larry Seltzer (Apr 03)
  - Re: Microsoft Terminal Services vulnerable to MITM-attacks. Erik Forsberg (Apr 03)
  - RE: Microsoft Terminal Services vulnerable to MITM-attacks. Devin Heitmueller (Apr 03)
    - Re: Microsoft Terminal Services vulnerable to MITM-attacks. Henrik Storner (Apr 04)
- <Possible follow-ups>
- Re: Microsoft Terminal Services vulnerable to MITM-attacks. Carlos Branco (Apr 10)