SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#865833

Microsoft Windows Remote Desktop Protocol (RDP) uses weak algorithm for encrypting packets

Overview

Microsoft Windows Remote Desktop Protocol (RDP) uses a weak algorithm for encrypting packets.

I. Description

Microsoft describes RDP as follows.

    RDP is based on, and is an extension of, the T.120 protocol family standards. It is a multichannel-capable protocol that allows for separate virtual channels for carrying device communication and presentation data from the server, as well as encrypted client mouse and keyboard data.

Microsoft's implementation of RDP does not encrypt the checksums of the session data. Therefore, a determined attacker could apply cryptanalytic techniques to recover encrypted session traffic. Note that Microsoft has listed the following mitigating factors:
    An attacker would need the ability to capture an RDP session in order to exploit this vulnerability. In most cases, this would require that the attacker have physical access to the network media.

    Because encryption keys are negotiated on a per-session basis, a successful attack would allow an attacker to decrypt only a single session and not multiple sessions. Thus, the attacker would need to conduct a separate cryptanalytic attack against each session he or she wished to compromise.

II. Impact

A remote attacker could apply cryptanalytic techniques to recover encrypted session traffic.

III. Solution

Apply a patch.

Systems Affected

VendorStatusDate NotifiedDate Updated
Microsoft CorporationVulnerable6-Dec-2002

References


http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-051.asp
http://msdn.microsoft.com/library/en-us/termserv/termserv/using_terminal_services_virtual_channels.asp
http://www.microsoft.com/windows2000/techinfo/howitworks/terminal/rdpfandp.asp
http://link.springer.de/link/service/series/0558/bibs/2139/21390310.htm
http://www.ietf.org/rfc/rfc2104.txt

Credit

Ben Cohen & Pete Chown of Skygate Technology Ltd. discovered this vulnerability.

This document was written by Ian A Finlay.

Other Information

Date Public:2002-09-18
Date First Published:2002-12-06
Date Last Updated:2002-12-06
CERT Advisory: 
CVE-ID(s):CAN-2002-0863
NVD-ID(s):CAN-2002-0863
US-CERT Technical Alerts: 
Metric:6.30
Document Revision:16

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2002 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader