Authentication / Remote Desktop Protocol Server Man-in-the-Middle Weakness
Description
The Remote Desktop Protocol (RDP) Server contains a vulnerability that exposes it to man-in-the-middle (MiTM) attacks. This weakness arises from the RDP client's failure to validate the server's identity during the encryption setup process. As a result, an attacker positioned to intercept traffic can interpose between the client and the server, negotiating the encrypted session with each side separately and without detection, and thereby gain access to sensitive information, including authentication credentials. The flaw is mainly due to the presence of a hard-coded RSA private key within the RDP server, making it susceptible to exploitation by attackers in a privileged network location.
Risk
If successfully exploited, this vulnerability allows unauthorized access to sensitive data and credentials transmitted during RDP sessions. The implications can be severe, leading to unauthorized system access, data breaches, and potential compromise of connected network resources.
Solution
To mitigate this vulnerability, it is essential to enforce the use of SSL (TLS) as the transport layer for RDP connections, if supported, so that the client can verify the server's certificate before any credentials are sent. Additionally, for Microsoft Windows operating systems, enabling the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' setting can enhance security by ensuring that only properly authenticated clients can establish connections.
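To confirm the remediation on servers you administer, the following added example (not part of this advisory) sends an RDP negotiation request that offers only Standard RDP Security and classifies the server's X.224 Connection Confirm: a server that accepts (or, being legacy, never negotiates) still has the weakness, while one that answers RDP_NEG_FAILURE with SSL_REQUIRED_BY_SERVER or HYBRID_REQUIRED_BY_SERVER has been fixed. Field layouts follow MS-RDPBCGR; the host, port and timeout are assumptions supplied by the caller.

```python
import socket
import struct

# Field values from MS-RDPBCGR (X.224 / RDP_NEG_REQ / RDP_NEG_RSP / RDP_NEG_FAILURE)
PROTOCOL_RDP, PROTOCOL_SSL, PROTOCOL_HYBRID = 0, 1, 2
TYPE_NEG_RSP, TYPE_NEG_FAILURE = 0x02, 0x03
FAILURE_CODES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
                 3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
                 5: "HYBRID_REQUIRED_BY_SERVER",
                 6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}

def build_connection_request(requested_protocols=PROTOCOL_RDP):
    """TPKT + X.224 Connection Request carrying an RDP_NEG_REQ (19 bytes in total)."""
    # RDP_NEG_REQ: type 0x01, flags, length 8, requestedProtocols bitmask (little-endian)
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)
    # X.224 CR: LI, code 0xE0, DST-REF, SRC-REF, class 0, then the negotiation request
    x224 = struct.pack(">BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    # TPKT: version 3, reserved, big-endian total length
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def classify_connection_confirm(data):
    """Return (weak, verdict) for the server's X.224 Connection Confirm bytes."""
    if len(data) < 11 or data[0] != 3 or data[5] != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    if len(data) < 19:  # no RDP_NEG_RSP at all: pre-negotiation (legacy) server
        return True, "no RDP_NEG_RSP: legacy server, Standard RDP Security only"
    ntype, _flags, _nlen, value = struct.unpack("<BBHI", data[11:19])
    if ntype == TYPE_NEG_RSP:
        if value == PROTOCOL_RDP:
            return True, "server agreed to Standard RDP Security (no server identity check)"
        return False, "server selected protocol %d (TLS-based)" % value
    if ntype == TYPE_NEG_FAILURE:
        return False, "server refused Standard RDP Security: " + FAILURE_CODES.get(value, str(value))
    raise ValueError("unexpected negotiation structure type 0x%02x" % ntype)

def probe(host, port=3389, timeout=5.0):
    """Offer only Standard RDP Security to the server and classify its answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request(PROTOCOL_RDP))
        return classify_connection_confirm(sock.recv(64))

if __name__ == "__main__":
    import sys
    weak, verdict = probe(sys.argv[1])  # host to audit is given on the command line
    print(("WEAK: " if weak else "OK: ") + verdict)
```

A server that passes this check with the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' setting enabled will answer HYBRID_REQUIRED_BY_SERVER.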