Plugin 18405 very sensibly generates this report:

"Synopsis : It may be possible to get access to the remote host.

Description : The remote version of Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man in the middle attack. An attacker may exploit this flaw to decrypt communications between client and server and obtain sensitive information (passwords ...)."

When distributing Nessus reports I have to explain that where terminal services must be enabled then the scope of exposure of the service should be minimised, probably using the Windows host-based firewall, and that the accounts exposed should have very strong passwords. This is because I think remote brute force or dictionary log-in attempts using e.g. TSgrinder could be more of a concern than the possibility of a sophisticated man in the middle attack.

I'm not sure whether others would agree; however, it would make my life a little easier if the scope and password strength aspects could also be explained in the plug-in output.

--
Carl Nelson
Distributed Systems Services, Computer Centre,
University of Leicester, Leicester, LE1 7RH, U.K.
Tel: +44 (0)116 252 2060, Fax: +44 (0)116 252 5027
