OpenVAS – Microsoft RDP Server Private Key Information Disclosure Vulnerability – False Alarm?

hub asked:

I performed an OpenVAS scan on a Windows Server 2008 R2 and got a report for a high threat level vulnerability called Microsoft RDP Server Private Key Information Disclosure Vulnerability. A remote attacker could perform a man-in-the-middle attack to gain access to an RDP session.

Affected Software is Microsoft RDP 5.2 and below.
My server uses RDP 7.1. Is this alarm a false alarm?

Security Advisor Pages say: Solution Status Unpatched, No remedy…

CVE: CVE-2005-1794

My answer:

It was fixed in 5.3 (actually 6.0, since there wasn’t a 5.3, but the vulnerability tests look for 5.3), so if you have 7.1 then it does not apply to your system.

Unfortunately it doesn’t appear to be possible to detect the exact RDP version remotely, as the RDP server returns the same version number for anything 5.0 and higher. This vulnerability, then, would always be reported if an RDP server is present on the target host.

View the full question and any other answers on Server Fault.
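
Why a remote check cannot separate RDP 5.2 from 7.1, as an added example that is not part of the original answer: it parses the server core data block of an RDP connect response and triages the advertised version. The block layout and version constants follow the published MS-RDPBCGR specification rather than this page, the sample bytes are constructed, and the function names are hypothetical.

```python
import struct

SC_CORE = 0x0C01  # header type of the server core data block (TS_UD_SC_CORE)

# Version field values and the RDP releases that send them (MS-RDPBCGR).
VERSION_RELEASES = {
    0x00080001: ["4.0"],
    0x00080004: ["5.0", "5.1", "5.2", "6.0", "6.1", "7.0", "7.1", "8.0", "8.1"],
}
FIXED_IN = (6, 0)  # first fixed release, per the answer above


def parse_server_core_version(user_data: bytes) -> int:
    """Walk the type/length user-data blocks and return SC_CORE's version."""
    offset = 0
    while offset + 4 <= len(user_data):
        block_type, block_len = struct.unpack_from("<HH", user_data, offset)
        if block_len < 4 or offset + block_len > len(user_data):
            raise ValueError("malformed user-data block")
        if block_type == SC_CORE:
            if block_len < 8:
                raise ValueError("SC_CORE block too short for a version field")
            return struct.unpack_from("<I", user_data, offset + 4)[0]
        offset += block_len
    raise ValueError("no SC_CORE block in user data")


def triage(version_field: int) -> str:
    """Classify a CVE-2005-1794 finding from the advertised version alone."""
    releases = VERSION_RELEASES.get(version_field)
    if releases is None:
        return "unknown"
    affected = [tuple(map(int, r.split("."))) < FIXED_IN for r in releases]
    if all(affected):
        return "affected"
    if not any(affected):
        return "not-affected"
    return "indeterminate"  # value covers both affected and fixed releases


# Constructed sample: SC_CORE block followed by an SC_SECURITY (0x0C02) block.
SAMPLE = struct.pack("<HHII", SC_CORE, 12, 0x00080004, 0) + struct.pack(
    "<HHII", 0x0C02, 12, 0, 0
)

if __name__ == "__main__":
    version = parse_server_core_version(SAMPLE)
    print(f"version field {version:#010x}: {triage(version)}")
```

An "indeterminate" result means the finding has to be settled from the host's installed RDP version and patch level, not from the scan.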

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.