RDP still susceptible to man-in-the-middle attack?

Greetings,

After a quick Nessus scan on one of my RDP-enabled machines I realized
that RDP is susceptible to man-in-the-middle attacks. Even after the XP SP2... a
rogue machine can decrypt the communication between the two machines in
question, revealing passwords and such sensitive information. Are there any
plans to fix the design flaw?

Best regards,
recon
 
> After a quick Nessus scan on one of my RDP-enabled machines I realized
> that RDP is susceptible to man-in-the-middle attacks. Even after the XP SP2... a
> rogue machine can decrypt the communication between the two machines in
> question, revealing passwords and such sensitive information. Are there any
> plans to fix the design flaw?

What flaw? Post the Nessus scan procedure or other details of how you discovered
that RDP deficiency; then we can talk.
 
I can't answer your question directly other than to say consider running RDP
through a VPN or SSH tunnel. Personally I use the SSH method with a
private/public key pair (encrypted with a strong pass phrase) for
authentication.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
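
The SSH-tunnel approach suggested in the reply above, written out as a client-side OpenSSH configuration. This is an added example, not part of the original posts; the host names, user name, key file name and local port are placeholders, and it assumes an OpenSSH client plus an SSH server that can reach the RDP host.

```sshconfig
# ~/.ssh/config on the client (constructed example; all names are placeholders)
#
# Key pair created beforehand with:
#   ssh-keygen -t ed25519 -f ~/.ssh/rdp_tunnel_ed25519
# entering a strong passphrase at the prompt, and the .pub half appended to
# the gateway account's ~/.ssh/authorized_keys.

Host rdp-tunnel
    HostName gateway.example.com
    User tunneluser

    # Authenticate with the dedicated key only; never fall back to a password.
    IdentityFile ~/.ssh/rdp_tunnel_ed25519
    IdentitiesOnly yes
    PasswordAuthentication no

    # The tunnel only defeats interception if the gateway's host key is
    # verified. "yes" refuses unknown or changed keys instead of prompting,
    # so the key must already be in ~/.ssh/known_hosts (obtained out of band).
    StrictHostKeyChecking yes

    # Listen on loopback only, so other machines on the client's network
    # cannot reuse the tunnel; forward to the RDP listener behind the gateway.
    LocalForward 127.0.0.1:13389 rdp-host.internal:3389

    # Abort if the forward cannot be set up rather than leave a session
    # open with no tunnel behind it.
    ExitOnForwardFailure yes

    # Detect a dead link and close the tunnel.
    ServerAliveInterval 30
    ServerAliveCountMax 3

# Start the tunnel without a remote shell:   ssh -N rdp-tunnel
# Then point the RDP client at:              127.0.0.1:13389
```

With this in place the RDP listener does not need to be reachable from untrusted networks at all; only the SSH port on the gateway is exposed.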
 