TLS Vulnerability in Microsoft Windows Terminal Server
CVE-2007-2593

Currently unrated

Key Information:

Vendor
Microsoft
Status
Terminal Server
Vendor
CVE Published:
11 May 2007

Summary

The Terminal Server component of Microsoft Windows 2003 Server has a significant vulnerability that allows remote attackers to bypass SSL and self-signed certificate requirements when using TLS. This weakness potentially enables attackers to downgrade server security mechanisms, risking exposure to man-in-the-middle attacks through various unspecified methods. The issue was particularly highlighted in relation to the Remote Desktop Protocol (RDP) 6.0 client. It has been suggested by third-party sources that fixes for this vulnerability may have been implemented around 2006.

References

http://www.securityfocus.com/archive/1/468049/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/468057/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/468203/100/0/threaded
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2007-2593 : TLS Vulnerability in Microsoft Windows Terminal Server | SecurityVulnerability.io