Rapid7 Vulnerability & Exploit Database

MS02-051: Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (Q324380)


Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 09/18/2002
Created: 07/25/2018
Added: 11/30/2004
Modified: 01/11/2016

Description

Your system may require one or more security patches or hotfixes from Microsoft.

The Remote Data Protocol (RDP) provides the means by which Windows systems can provide remote terminal sessions to clients. The protocol transmits information regarding a terminal session's keyboard, mouse and video to the remote client, and is used by Terminal Services in Windows NT 4.0 and Windows 2000, and by Remote Desktop in Windows XP. Two security vulnerabilities, both of which are eliminated by this patch, have been discovered in various RDP implementations.

The first involves how session encryption is implemented in certain versions of RDP. All RDP implementations allow the data in an RDP session to be encrypted. However, in the versions in Windows 2000 and Windows XP, the checksums of the plaintext session data are sent without being encrypted themselves. An attacker who was able to eavesdrop on and record an RDP session could conduct a straightforward cryptanalytic attack against the checksums and recover the session traffic.

The second involves how the RDP implementation in Windows XP handles data packets that are malformed in a particular way. Upon receiving such packets, the Remote Desktop service would fail, and the operating system would fail with it. An attacker would not need to authenticate to an affected system in order to deliver packets of this type to it.
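The design lesson behind the first issue, as an added example that is not part of the original advisory or of any RDP implementation: a deterministic checksum computed over plaintext and sent in the clear repeats whenever the plaintext repeats, while a tag computed over the sequence number and ciphertext does not. The SHA-256 counter keystream, the truncated HMAC, the per-packet sequence number and the one-byte input events are all assumptions chosen so the block runs offline; they are not the algorithms or packet layout RDP uses.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy SHA-256 counter keystream (assumed stand-in for the session cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))

def tag(mac_key: bytes, data: bytes) -> bytes:
    """Keyed checksum, truncated to 8 bytes (assumed stand-in for the session MAC)."""
    return hmac.new(mac_key, data, hashlib.sha256).digest()[:8]

def send_weak(enc_key, mac_key, seq, plaintext):
    """Pattern the description names: checksum over plaintext, sent unencrypted."""
    nonce = seq.to_bytes(8, "big")
    return tag(mac_key, plaintext), encrypt(enc_key, nonce, plaintext)

def send_hardened(enc_key, mac_key, seq, plaintext):
    """Encrypt-then-MAC: the tag covers only the sequence number and ciphertext."""
    nonce = seq.to_bytes(8, "big")
    ct = encrypt(enc_key, nonce, plaintext)
    return tag(mac_key, nonce + ct), ct

def repeated_tag_groups(packets):
    """Group packet indexes that share a cleartext tag, as a passive observer could."""
    seen = {}
    for i, (t, _ct) in enumerate(packets):
        seen.setdefault(t, []).append(i)
    return [idx for idx in seen.values() if len(idx) > 1]

def demo():
    enc_key, mac_key = os.urandom(16), os.urandom(16)
    events = [b"p", b"a", b"s", b"s", b"a", b"p"]  # constructed one-byte input events
    weak = [send_weak(enc_key, mac_key, i, e) for i, e in enumerate(events)]
    hard = [send_hardened(enc_key, mac_key, i, e) for i, e in enumerate(events)]
    return repeated_tag_groups(weak), repeated_tag_groups(hard)

if __name__ == "__main__":
    print(demo())
```

In the weak form the repetition pattern of the input is visible from the tags alone, without either key; in the hardened form no two tags match.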

Solution(s)

  • WINDOWS-HOTFIX-MS02-051-ff59c5d8-32c0-406d-8445-fb2b16a85479
  • WINDOWS-HOTFIX-MS02-051-e5350583-b968-4422-9236-0f609e2c0b6c
