egghead
September 19th, 2002, 05:34 AM
MS silently fixes password sniffing bug with XP SP1
By John Leyden
Posted: 18/09/2002 at 19:13 GMT
Keystrokes, including passwords, can be sniffed when using Windows Terminal Server or the XP remote control feature. MS has rolled a fix silently into SP1 without making any public statement on this serious problem.
The cause of the keystroke-sniffing feature is a design mistake in Microsoft's Remote Desktop Protocol (RDP) which leaks information about the contents of encrypted packets through their checksums. This is because packets with the same plaintext have matching checksums throughout a particular session.
Here, it's possible to crash a client at the start of a session by sending commands, related to rendering patterns, which force a reboot (as explained here). Once again Skygate notified MS of the bug on April 16, and once again a fix was silently rolled into XP SP1.
To fix the vulns, you have two choices. You can install XP's new SP1, which will give Billg remote root privileges on your box by virtue of his new Trojan EULA (and silently re-enable some services you may have disabled such as 'automatic update').
read the complete story here
http://www.theregister.co.uk/content/55/27181.html
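Added example, not part of the quoted article or the original post: a small model of why a per-packet checksum that depends only on the session key and the plaintext reveals which packets carry identical content, and how binding a packet sequence number into it removes that signal. HMAC-SHA256 truncated to 8 bytes stands in for the checksum (it is not RDP's actual algorithm), and the one-packet-per-keystroke layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: one packet per keystroke while a user types "password".
KEYSTROKES = [b"key:" + bytes([c]) for c in b"password"]


def tag_plaintext_only(key: bytes, plaintext: bytes) -> bytes:
    """Model of the flawed design: the tag depends only on key and plaintext."""
    return hmac.new(key, plaintext, hashlib.sha256).digest()[:8]


def tag_with_sequence(key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Hardened model: a per-packet sequence number is bound into the tag."""
    message = seq.to_bytes(8, "big") + plaintext
    return hmac.new(key, message, hashlib.sha256).digest()[:8]


def session_tags(packets, bind_sequence: bool):
    """Return the tags that would be visible on the wire for one session."""
    key = os.urandom(16)  # fresh key per session (assumption of this model)
    if bind_sequence:
        return [tag_with_sequence(key, i, p) for i, p in enumerate(packets)]
    return [tag_plaintext_only(key, p) for p in packets]


def repeated_tag_groups(tags):
    """Group packet indices whose tags are equal: the equality signal that leaks."""
    groups = {}
    for index, tag in enumerate(tags):
        groups.setdefault(tag, []).append(index)
    return sorted(g for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    # Packets 2 and 3 (the double "s") share a tag in the flawed model.
    print("plaintext-only:", repeated_tag_groups(session_tags(KEYSTROKES, False)))
    print("with sequence: ", repeated_tag_groups(session_tags(KEYSTROKES, True)))
```

A protocol review can apply the same check to captured test traffic: any repeated integrity tag within one session indicates the tag is not bound to a per-packet value.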
