Vulnerability Name: | CCN-11696
Published: | 2003-04-01
Updated: | 2003-04-01
Summary: | Multiple Microsoft Windows products could allow a remote attacker to spoof a server's public key and perform a man-in-the-middle attack. This vulnerability is caused by improper verification of a server's public key when a Remote Desktop Protocol (RDP) connection is established. An attacker could use this vulnerability to develop session keys and obtain sensitive information in plain text.
Note: Citrix ICA Client and Cain & Abel are also vulnerable.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Vulnerability Consequences: | Bypass Security
References: |
Source: CCN Type: BugTraq Mailing List, Tue Apr 01 2003 - 16:05:44 CST Microsoft Terminal Services vulnerable to MITM-attacks.
Source: CCN Type: BugTraq Mailing List, Thu Apr 03 2003 - 23:32:39 CST Re: Microsoft Terminal Services vulnerable to MITM-attacks.
Source: CCN Type: BugTraq Mailing List, Thu Apr 10 2003 - 09:18:37 CDT Re: Microsoft Terminal Services vulnerable to MITM-attacks.
Source: CCN Type: BID-7258 Microsoft Windows Remote Desktop Protocol Server Key Verification Vulnerability
Source: CCN Type: BID-7276 Citrix ICA Client Server Key Verification Vulnerability
Source: XF Type: UNKNOWN win2k-terminal-mitm(11696)
Vulnerable Configuration: | Configuration CCN 1: