Re: [Xrdp-devel] CVE-2005-1794

2014-08-25 Thread Idan Freiberg

Re: [Xrdp-devel] CVE-2005-1794

2014-08-25 Thread Harry Johnston

Re: [Xrdp-devel] CVE-2005-1794

2014-08-24 Thread speidy

Re: [Xrdp-devel] CVE-2005-1794

2014-08-22 Thread Harry Johnston
Jay, Thanks. Yes, that was my understanding; the vulnerability is in the protocol, so it affects all Microsoft-compatible RDP (5.2 or earlier) software. I think it is clear that this is not widely understood, though, and this is what concerns me at present. We're moving to TLS encryption in xrd

Re: [Xrdp-devel] CVE-2005-1794

2014-08-22 Thread Jay Sorg
Hi Harry, That signature key is in the msdn documentation and needs to be used to sign the standard RDP RSA bits. http://msdn.microsoft.com/en-us/library/cc240776.aspx The MS client will error out with a security error if it's not signed right. MS did a poor job on this part of security and the si

Re: [Xrdp-devel] CVE-2005-1794

2014-08-22 Thread Harry Johnston
On 19 August 2014 16:51, speidy wrote:

> Hi Harry,
>
> We have an rsa key generator tool to produce a new rsa key for xrdp server
> usage.

That's xrdp-keygen, right? Looking at the code, the key generated by this tool is signed by the well-known private key, in exactly the same way as describ

Re: [Xrdp-devel] CVE-2005-1794

2014-08-22 Thread Harry Johnston
On 19 August 2014 09:09, Jonathan Buzzard wrote:

> What on earth makes you think that xrdp would have the same hard coded
> RSA key in it that a Microsoft terminal server binary had in it nine
> years ago. What makes you think it has any hard coded RSA keys?

That would be because when I looked i

Re: [Xrdp-devel] CVE-2005-1794

2014-08-19 Thread speidy

Re: [Xrdp-devel] CVE-2005-1794

2014-08-18 Thread Jonathan Buzzard
On 15/08/14 06:51, Harry Johnston wrote:

> Hi,
>
> I'm concerned that a number of web sites wrongly claim or imply that the
> vulnerability described in CVE-2005-1794 doesn't apply to xrdp, e.g., see
>
> http://people.canonical.com/~ubuntu-security/cve/2005/CVE-2005-1794.html
>
> and
>
> https://s

[Xrdp-devel] CVE-2005-1794

2014-08-18 Thread Harry Johnston
Hi, I'm concerned that a number of web sites wrongly claim or imply that the vulnerability described in CVE-2005-1794 doesn't apply to xrdp, e.g., see http://people.canonical.com/~ubuntu-security/cve/2005/CVE-2005-1794.html and https://security-tracker.debian.org/tracker/CVE-2005-1794 (As a r