Plugin 18405 recommends that you use SSL as a transport mechanism for RDP. You might have the latest RDP client installed, but if you don't enable TLS/SSL authentication you may be vulnerable to a man in the middle attack.
Ron Gula
Tenable Network Security

Albert R. Campa wrote:
> I was reading about this RDP MITM event, in plugin 18405.
>
> I have ensured that clients have the latest RDP client version 6.x.
>
> Is there a plugin to verify version of RDP client?
>
> I believe there is one to tell me if a server is not in FIPS mode, but
> I need a client check?
>
> Maybe just rely on SMS?
>
> Thanks
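An added example, not part of the original message and not the code of plugin 18405: one way to tell from a server's reply whether TLS was selected as the RDP transport is to parse its X.224 Connection Confirm. The byte layout and protocol values are taken from the MS-RDPBCGR specification, the function names are hypothetical, and the sample PDUs are constructed.

```python
import struct

# selectedProtocol values in RDP_NEG_RSP (per MS-RDPBCGR)
PROTOCOLS = {0: "standard-rdp", 1: "tls", 2: "credssp", 4: "rdstls", 8: "credssp-ex"}
TLS_BASED = {"tls", "credssp", "rdstls", "credssp-ex"}

# Constructed sample replies (not captured from a real host)
TLS_SAMPLE = bytes.fromhex("03000013" "0ed00000123400" "0200080001000000")
LEGACY_SAMPLE = bytes.fromhex("0300000b" "06d00000123400")


def classify_connection_confirm(pdu: bytes) -> str:
    """Name the security protocol a server chose in its X.224 Connection Confirm."""
    if len(pdu) < 11 or pdu[0] != 3:
        raise ValueError("not a TPKT-framed X.224 PDU")
    (tpkt_len,) = struct.unpack(">H", pdu[2:4])
    if tpkt_len != len(pdu):
        raise ValueError("TPKT length does not match the data received")
    if pdu[5] & 0xF0 != 0xD0:
        raise ValueError("not a Connection Confirm")
    neg = pdu[11:]
    if not neg:
        # No negotiation structure at all: the server only offers
        # standard RDP security, with no TLS layer around the session.
        return "standard-rdp"
    if len(neg) != 8:
        raise ValueError("malformed negotiation structure")
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", neg)
    if neg_len != 8:
        raise ValueError("unexpected negotiation structure length")
    if neg_type == 0x02:  # RDP_NEG_RSP
        return PROTOCOLS.get(value, f"unknown-{value:#x}")
    if neg_type == 0x03:  # RDP_NEG_FAILURE carries a failure code instead
        return f"negotiation-failure-{value}"
    raise ValueError(f"unknown negotiation type {neg_type:#x}")


def transport_is_tls(pdu: bytes) -> bool:
    """True only when the selected protocol runs inside TLS."""
    return classify_connection_confirm(pdu) in TLS_BASED


if __name__ == "__main__":
    for name, sample in (("tls sample", TLS_SAMPLE), ("legacy sample", LEGACY_SAMPLE)):
        print(name, "->", classify_connection_confirm(sample), transport_is_tls(sample))
```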
