[THIN] More on RDP MiTM Vulnerability

• From: "Jim Kenzig http://thethin.net" <jimkenz@xxxxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Thu, 10 Apr 2003 19:29:31 -0400

This is from Sans.  I find it EXTREMELY interesting that the person
reporting this is from Cendio who are makers of a new Terminal Services
Linux Product called ThinLinc.
http://www.cendio.com/page.thinlinc.Information

They wouldn't be trying to get some attention now would they?
JK

http://archives.neohapsis.com/archives/bugtraq/2003-04/0035.html

Microsoft Terminal Services vulnerable to MITM-attacks.

From: Erik Forsberg (forsberg+btqcendio.se)
Date: Tue Apr 01 2003 - 16:05:44 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----------------------------------------------------------------------------
----

During extensive investigation of the Remote Desktop Protocol (RDP),
the protocol used to connect to Windows Terminal Services, we (Cendio
Systems) have found that although the information sent over the network is
encrypted, there is no verification of the identity of the server when
setting up the encryption keys for the session.


This means RDP is vulnerable to Man In The Middle attacks (from here
on referred to as MITM attacks). The attack works as follows:


1) The client connects to the server, however by some method (DNS
   spoofing, arp poisioning, etc.) we've fooled it to connect to the
   MITM instead. The MITM sends the request further to the server.
2) The server sends it's public key and a random salt, in cleartext,
   again through the MITM. The MITM sends the packet further to the
   client, but exchanges the public key to another one for which it
   knows the private part.
3) The client sends a random salt, encrypted with the server public
   key, to the MITM.
4) The MITM deencrypts the clients random salt with it's private key,
   encrypts it with the real servers public key and sends it to the
   server.
5) The MITM now know both the server and the client salt, which is
   enough information to construct the session keys used for further
   packets sent between the client and the server. All information
   sent between the parts can now be read in cleartext.


The vulnerability occurs because the clients by no means try to verify
the public key of the server, sent in step 2 above. In other
protocols, such as the Secure Shell protocol, most client
implementations solve this for example by letting the user answer a
question whether a specific serverkey fingerprint is valid.


The clients we've seen so far for RDP have no way to preinsert a known
server key. There is also no interaction with the user in order to
verify a key the first time a connection is made to a new server.


We have communicated with Microsoft in this matter, and they
confirmed 2003-03-19 that the problem do exist in their current
implementation. They are currently "investigating the feasability in
adding this functionality". They also point out that they do not claim
RDP having the functionality of providing server authentication.


We feel that Microsoft is not taking this seriously enough. We know
there are sites using Terminal Services to transfer sensitive data,
and we feel that they need to be informed about this vulnerability in
order to be able protect their networks. This is why we publish this
information at this moment.


We've tested this vulnerability against Windows 2000 Terminal Server,
Windows 2000 Advanced Server and the upcoming Windows Server 2003
using both the clients delivered with Windows 2000 and the latest
downloadable RDP client from Microsoft. We have reason to believe that
the vulnerability exists when running both RDP version 4 and 5, and
regardless of terminal server mode.


We have developed software that can be used to exploit this
vulnerability, but we choose not to release it.


\EF
--
Erik Forsberg Telephone: +46-13-21 46 00
Cendio Systems Web: http://www.thinlinc.com

********************************************************
This Week's Sponsor - ThinPrint
Simply the best print solution for
Microsoft Terminal Services 
and Citrix Metaframe.
http://www.thinprint.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

Other related posts:

• » [THIN] More on RDP MiTM Vulnerability

1. Home
2. thin
3. Archive
4. 04-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---