Vulnerability Summary for CVE-2005-1794 RDP

最新推荐文章于 2024-03-20 15:30:00 发布

hack8

最新推荐文章于 2024-03-20 15:30:00 发布

阅读量3.7k

点赞数

分类专栏：协议分析文章标签： hyperlink microsoft terminal authentication access windows

协议分析专栏收录该内容

59 篇文章

订阅专栏

Vulnerability Summary for CVE-2005-1794 Original release date:06/01/2005 Last revised:09/05/2008 Source: US-CERT/NIST Overview Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks. Impact CVSS Severity (version 2.0 incomplete approximation): CVSS v2 Base Score:6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:P/A:N) (legend) Impact Subscore: 4.9 Exploitability Subscore: 10.0 CVSS Version 2 Metrics: Access Vector: Network exploitable Access Complexity: Low Authentication: Not required to exploit Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification References to Advisories, Solutions, and Tools By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov. External Source: BID Name: 13818 Hyperlink:http://www.securityfocus.com/bid/13818 External Source: MISC Name: http://www.oxid.it/downloads/rdp-gbu.pdf Type: Advisory Hyperlink:http://www.oxid.it/downloads/rdp-gbu.pdf External Source: SECUNIA Name: 15605 Hyperlink:http://secunia.com/advisories/15605/ Vulnerable software and versions Configuration 1 OR * cpe:/a:microsoft:remote_desktop_connection:5.1.2600.2180::windows_xp * cpe:/a:microsoft:windows_terminal_services_using_rdp:5.2 * Denotes Vulnerable Software * Changes related to vulnerability configurations Technical Details Vulnerability Type (View All) CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1794