openVAS – Microsoft RDP Server Private Key Information Disclosure Vulnerability – false Alarm?

huebkov asked:

I performed a openVAS scan on a Windows Server 2008 R2 and got a report for a high threat level vulnerability called Microsoft RDP Server Private Key Information Disclosure Vulnerability. An remote attacker could perform a man-in-the-middle attack to gain access to a RDP session.

Affected Software is Microsoft RDP 5.2 and below.
My server uses RDP 7.1, is this alarm a false alarm?

Security Advisor Pages say: Solution Status Unpatched, No remedy…

References
http://secunia.com/advisories/15605/
http://xforce.iss.net/xforce/xfdb/21954/
http://www.oxid.it/downloads/rdp-gbu.pdf
CVE: CVE-2005-1794
BID:13818

My answer:


It was fixed in 5.3, (actually 6.0 since there wasn’t a 5.3, but the vulnerability tests look for 5.3) so if you have 7.1 then it does not apply to your system.

Unfortunately it doesn’t appear to be possible to detect the exact RDP version remotely, as the RDP server returns the same version number for anything 5.0 and higher. This vulnerability, then, would always be reported if an RDP server is present on the target host.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.