CVE-2005-1794

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-1794
Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.

6.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://secunia.com/advisories/15605/
http://www.oxid.it/downloads/rdp-gbu.pdf Vendor Advisory
http://www.securityfocus.com/bid/13818
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12441
http://secunia.com/advisories/15605/
http://www.oxid.it/downloads/rdp-gbu.pdf Vendor Advisory
http://www.securityfocus.com/bid/13818
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12441
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:remote_desktop_connection:5.1.2600.2180:*:windows_xp:*:*:*:*:*
cpe:2.3:a:microsoft:windows_terminal_services_using_rdp:5.2:*:*:*:*:*:*:*
History

20 Nov 2024, 23:58

Type Values Removed Values Added
References () http://secunia.com/advisories/15605/ - () http://secunia.com/advisories/15605/ -
References () http://www.oxid.it/downloads/rdp-gbu.pdf - Vendor Advisory () http://www.oxid.it/downloads/rdp-gbu.pdf - Vendor Advisory
References () http://www.securityfocus.com/bid/13818 - () http://www.securityfocus.com/bid/13818 -
References () https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 - () https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12441 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12441 -
Information

Published : 2005-06-01 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2005-1794

Mitre link : CVE-2005-1794

CVE.ORG link : CVE-2005-1794

JSON object : View

Products Affected

microsoft

  • windows_terminal_services_using_rdp
  • remote_desktop_connection
CWE
NVD-CWE-Other