Excellent, and thanks for clarifying that. (I wasn't sure whether
Microsoft's client supported using the newer protocol without also using
RDP 6.0 or later, the version it was introduced with.)
I presume that either the legacy encryption protocol won't be included at
all, or that there will be an option to disable it? We would still
consider a machine potentially at risk if it allowed connections using the
insecure protocol, since we would have no realistic way to be certain that
nobody was using an older client. Also, OpenVAS appears to correctly
detect whether a machine is or is not allowing insecure connections, so it
would be desirable on that front too.
Any sort of idea when this is likely to be released? If it is only a month
or two it would probably make sense for me to hold off on any further
action, but if it is more likely to be a year, say, I should probably go
ahead.
Harry.
On 23 August 2014 18:19, speidy <spe...@gmail.com> wrote:
> Hi Harry,
>
> TLS is supported by all well-known clients today (freerdp, rdesktop,
> mstsc, itap).
>
> It is referres as 'RDP Enhanced Security' mode at ms docs.
>
> Idan.
> On Aug 23, 2014 5:11 AM, "Harry Johnston [via XRDP Devel]" <[hidden email]
> <http://user/SendEmail.jtp?type=node&node=4025667&i=0>> wrote:
>
>> Jay,
>>
>> Thanks. Yes, that was my understanding; the vulnerability is in the
>> protocol, so it affects all Microsoft-compatible RDP (5.2 or earlier)
>> software. I think it is clear that this is not widely understood, though,
>> and this is what concerns me at present.
>>
>> We're moving to TLS encryption in xrdp now and this is almost working
>>> in devel branch. TLS encryption is a more industry standard way to
>>> encrypt the RDP traffic.
>>>
>>
>> Excellent. What clients does this support? Is it compatible with
>> Microsoft's Remote Desktop client (on Vista and later)?
>>
>> Harry.
>>
>>
>> ------------------------------------------------------------------------------
>>
>> Slashdot TV.
>> Video for Nerds. Stuff that matters.
>> http://tv.slashdot.org/
>> _______________________________________________
>> xrdp-devel mailing list
>> [hidden email] <http://user/SendEmail.jtp?type=node&node=4025666&i=0>
>> https://lists.sourceforge.net/lists/listinfo/xrdp-devel
>>
>>
>> ------------------------------
>> If you reply to this email, your message will be added to the
>> discussion below:
>>
>> http://xrdp-devel.766250.n3.nabble.com/Xrdp-devel-CVE-2005-1794-tp4025659p4025666.html
>> To start a new topic under XRDP Devel, email [hidden email]
>> <http://user/SendEmail.jtp?type=node&node=4025667&i=1>
>> To unsubscribe from XRDP Devel, click here.
>> NAML
>> <http://xrdp-devel.766250.n3.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>>
>
> ------------------------------
> View this message in context: Re: [Xrdp-devel] CVE-2005-1794
> <http://xrdp-devel.766250.n3.nabble.com/Xrdp-devel-CVE-2005-1794-tp4025659p4025667.html>
> Sent from the XRDP Devel mailing list archive
> <http://xrdp-devel.766250.n3.nabble.com/> at Nabble.com.
>
>
> ------------------------------------------------------------------------------
> Slashdot TV.
> Video for Nerds. Stuff that matters.
> http://tv.slashdot.org/
> _______________________________________________
> xrdp-devel mailing list
> xrdp-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xrdp-devel
>
>
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
xrdp-devel mailing list
xrdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xrdp-devel
