Microsoft Windows Terminal Services Remote Security Restriction Bypass Vulnerability
BID:23899
Info
Microsoft Windows Terminal Services Remote Security Restriction Bypass Vulnerability
| Bugtraq ID: | 23899 |
| Class: | Access Validation Error |
| CVE: |
CVE-2007-2593 |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | [email protected] discovered this issue. |
| Vulnerable: |
Microsoft Windows Server 2003 Terminal Services 0 |
| Not Vulnerable: | |
Discussion
Microsoft Windows Terminal Services Remote Security Restriction Bypass Vulnerability
Microsoft Windows Terminal Services is prone to a remote security-restriction bypass vulnerability because the server software fails to properly enforce encryption requirements.
Users can connect to affected servers; no encryption is required. Attackers can thus bypass security requirements configured by administrators and perform man-in-the-middle attacks or eavesdrop on RDP sessions.
This issue affects Terminal Services installed on Windows 2003 Server; other versions may also be affected.
Microsoft Windows Terminal Services is prone to a remote security-restriction bypass vulnerability because the server software fails to properly enforce encryption requirements.
Users can connect to affected servers; no encryption is required. Attackers can thus bypass security requirements configured by administrators and perform man-in-the-middle attacks or eavesdrop on RDP sessions.
This issue affects Terminal Services installed on Windows 2003 Server; other versions may also be affected.
Exploit / POC
Microsoft Windows Terminal Services Remote Security Restriction Bypass Vulnerability
Specific exploit code is not required for this issue. Attackers use readily available network utilities.
Specific exploit code is not required for this issue. Attackers use readily available network utilities.
Solution / Fix
Microsoft Windows Terminal Services Remote Security Restriction Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Microsoft Windows Terminal Services Remote Security Restriction Bypass Vulnerability
References:
References: