Vulnerability Summary for CVE-2005-1794 RDP

Vulnerability Summary for CVE-2005-1794 Original release date:06/01/2005 Last revised:09/05/2008 Source: US-CERT/NIST Overview Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks. Impact CVSS Severity (version 2.0 incomplete approximation): CVSS v2 Base Score:6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:P/A:N) (legend) Impact Subscore: 4.9 Exploitability Subscore: 10.0 CVSS Version 2 Metrics: Access Vector: Network exploitable Access Complexity: Low Authentication: Not required to exploit Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification References to Advisories, Solutions, and Tools By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov. External Source: BID Name: 13818 Hyperlink:http://www.securityfocus.com/bid/13818 External Source: MISC Name: http://www.oxid.it/downloads/rdp-gbu.pdf Type: Advisory Hyperlink:http://www.oxid.it/downloads/rdp-gbu.pdf External Source: SECUNIA Name: 15605 Hyperlink:http://secunia.com/advisories/15605/ Vulnerable software and versions Configuration 1 OR * cpe:/a:microsoft:remote_desktop_connection:5.1.2600.2180::windows_xp * cpe:/a:microsoft:windows_terminal_services_using_rdp:5.2 * Denotes Vulnerable Software * Changes related to vulnerability configurations Technical Details Vulnerability Type (View All) CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1794