Results 1 to 2 of 2

Thread: MS silently fixes password sniffing bug with XP SP1

  1. #1
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    In Your Monitor

    MS silently fixes password sniffing bug with XP SP1

    MS silently fixes password sniffing bug with XP SP1
    By John Leyden
    Posted: 18/09/2002 at 19:13 GMT

    Keystrokes, including passwords, can be sniffed when using Windows Terminal Server or the XP remote control feature. MS has rolled a fix silently into SP1 without making any public statement on this serious problem.

    The cause of the keystroke
    -sniffing feature is a design mistake in Microsoft's Remote Desktop Protocol (RDP) which leaks information about the contents of encrypted packets through their checksums. This is because packets with the same plaintext have matching checksums throughout a particular session.

    Here, it's possible to crash a client at the start of a session by sending commands, related to rendering patterns, which force a reboot (as explained here). Once again Skygate notified MS of the bug on April 16, and once again a fix was silently rolled into XP SP1.

    To fix the vulns, you have two choices. You can install XP's new SP1, which will give Billg remote root privileges on your box by virtue of his new Trojan EULA (and silently re-enable some services you may have disable such as 'automatic update').

    read the complete story here

  2. #2
    Member tons of fun's Avatar
    Join Date
    Aug 2002

    Thumbs up

    Good one ....thanks!!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts