Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness

medium Nessus 插件 ID 18405


全新!插件严重性现在使用 CVSS v3

计算的插件严重性默认已更新为使用 CVSS v3。没有 CVSS v3 分数的插件将回退到 CVSS v2 来计算严重性。可以在设置下拉列表中切换严重性显示首选项。


It may be possible to get access to the remote host.


The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-the-middle (MiTM) attack. The RDP client makes no effort to validate the identity of the server when setting up encryption. An attacker with the ability to intercept traffic from the RDP server can establish encryption with the client and server without being detected. A MiTM attack of this nature would allow the attacker to obtain any sensitive information transmitted, including authentication credentials.

This flaw exists because the RDP server stores a hard-coded RSA private key in the mstlsapi.dll library. Any local user with access to this file (on any Windows system) can retrieve the key and use it for this attack.


- Force the use of SSL as a transport layer for this service if supported, or/and

- Select the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' setting if it is available.



严重性: Medium

ID: 18405

文件名: tssvc_mim.nasl

版本: 1.32

类型: remote

代理: windows

系列: Windows

发布时间: 2005/6/1

最近更新时间: 2021/3/30

依存关系: windows_terminal_services.nasl, os_fingerprint_rdp.nbin, fips_rdp.nbin, rdp_credssp_detect.nbin


CVSS 分数来源: CVE-2005-1794


风险因素: Medium

分数: 4


风险因素: Medium

基本分数: 5.1

时间分数: 3.8

矢量: AV:N/AC:H/Au:N/C:P/I:P/A:P

时间矢量: E:U/RL:OF/RC:C


CPE: cpe:/a:microsoft:remote_desktop_connection, cpe:/a:microsoft:windows_terminal_services_using_rdp

易利用性: No known exploits are available

漏洞发布日期: 2005/5/28


CVE: CVE-2005-1794

BID: 13818