In association with heise online

Conclusion

Microsoft is well aware of these issues. In a January 2005 Technet article, Microsoft documented the problem: "Remote Desktop Protocol (RDP) provides data encryption, but it does not provide authentication to verify the identity of a terminal server." For that reason, Microsoft suggests that RDP connections be additionally secured through Transport Layer Security (TLS) [3].

This means that the already encrypted RDP traffic is encrypted a second time. But thanks to the authentication in TLS, at least an attacker can no longer intrude undetected. According to Microsoft, in order for this to work, the terminal server must be running on Windows Server 2003 and the client on either Windows 2000 or XP.
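As an added illustration (not code from the article or from Microsoft), the following Python script checks whether a terminal server will still accept the legacy RDP security layer described above, i.e. encryption without server authentication. It uses the RDP Negotiation Request that later revisions of the protocol added to the X.224 connection request; the structure layout, protocol values and failure codes are assumed from the MS-RDPBCGR specification, and the byte strings in the test are constructed samples.

```python
import socket
import struct

# Protocol values and failure codes as assumed from MS-RDPBCGR (not taken from the article).
PROTOCOLS = {0: "standard-rdp", 1: "tls", 2: "hybrid"}   # 0 = encrypted, but server not authenticated
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER", 6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}


def build_connection_request(requested_protocols=0):
    """TPKT + X.224 Connection Request carrying an RDP Negotiation Request (no cookie)."""
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)        # type, flags, length, protocols
    x224 = struct.pack("!BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req   # LI, CR code, dst-ref, src-ref, class
    return struct.pack("!BBH", 3, 0, 4 + len(x224)) + x224                    # TPKT: version 3, reserved, length


def parse_connection_confirm(data):
    """Classify the server's X.224 Connection Confirm. Returns (security, detail)."""
    if len(data) < 11 or data[0] != 3 or data[5] != 0xD0:
        raise ValueError("not a TPKT-framed X.224 Connection Confirm")
    body = data[11:5 + data[4]]                 # bytes after the 7-byte fixed X.224 header
    if len(body) < 8:                           # server predates negotiation: legacy security only
        return "standard-rdp", "server sent no RDP Negotiation Response"
    rtype, _flags, _length, value = struct.unpack("<BBHI", body[:8])
    if rtype == 0x02:                           # RDP Negotiation Response
        return PROTOCOLS.get(value, "unknown"), "selectedProtocol=%d" % value
    if rtype == 0x03:                           # RDP Negotiation Failure
        return "refused", FAILURES.get(value, "failureCode=%d" % value)
    raise ValueError("unexpected negotiation structure type 0x%02x" % rtype)


def accepts_unauthenticated(result):
    """True when the server still grants a session over the unauthenticated RDP security layer."""
    return result[0] == "standard-rdp"


def probe(host, port=3389, timeout=5.0):
    """Offer only legacy security; a server enforcing TLS/NLA answers with a refusal instead."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request(requested_protocols=0))
        data = sock.recv(4)                     # TPKT header carries the total length
        if len(data) < 4:
            raise ConnectionError("connection closed during negotiation")
        while len(data) < struct.unpack("!H", data[2:4])[0]:
            data += sock.recv(1024)
        return parse_connection_confirm(data)
```

A result of `("standard-rdp", ...)` from `probe()` means the server is still configured the way the article warns about, while a refusal with `SSL_REQUIRED_BY_SERVER` or `HYBRID_REQUIRED_BY_SERVER` shows that TLS is being enforced.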

The possibility of an attack that is invisible to the victim rules out the unsecured use of Terminal Services and Remote Desktop in business networks. When the attacker is not on the same network as the RDP client or server, however, the risk is mitigated: he must first bring a system on the path between client and server under his control in order to carry out a MITM attack.

According to a variety of studies, the majority of attacks in networks originate not with an external hacker but from within. Dissatisfied or simply curious workers can in this way gain access to critical data even without much technical knowledge. Limiting user rights at workstations certainly reduces the risk, but if a worker can boot his computer from a CD or connect a laptop that he brought in to the network, limiting user rights will not properly stop him. Any administrator who uses RDP connections to maintain a user's computer, but fails to secure them using, for example, TLS, risks having his administrator password compromised. An RDP session to a Windows server must be secured by such means; access without additional authentication is also taboo. (dmk)

References

[1] Advisory from Massimiliano Montoro: Microsoft RDP Man in the Middle Vulnerability

[2] Cain & Abel homepage

[3] Technet article on RDP: Configuring authentication and encryption
Permalink: http://h-online.com/-747171