On 19 August 2014 16:51, speidy <spe...@gmail.com> wrote:

> Hi Harry,
>
> We have an rsa key generator tool to produce a new rsa key for xrdp server
> usage.
>

That's xrdp-keygen, right?

Looking at the code, the key generated by this tool is signed by the
well-known private key, in exactly the same way as described in the
original vulnerability report.  Microsoft's RDP client, at least, will take
this signature to mean that the server's key is allowed to change, and
presumably other clients such as rdesktop do the same for compatibility.

Does anybody know what happens if you feed xrdp a self-signed or
genuinely-signed key?  (Is there actually any way to do so?  It doesn't
look as if the key is stored in a standard format.)

  Harry.
_______________________________________________
xrdp-devel mailing list
xrdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xrdp-devel
