CVE-2005-1794

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Terminal Services Using Rdp; Remote Desktop Connection
Vendor: CVE Published:; 1 June 2005

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2005-1794Scanner
Created by InitRoot

References

http://secunia.com/advisories/15605/

third-party-advisoryx_refsource_SECUNIA

http://www.oxid.it/downloads/rdp-gbu.pdf

x_refsource_MISC

http://www.securityfocus.com/bid/13818

vdb-entryx_refsource_BID

Timeline

🟡
Public PoC available
Apr 12, 2022
👾
Exploit known to exist
Apr 12, 2022
Vulnerability published
Jun 1, 2005
Vulnerability Reserved
Jun 1, 2005

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)