Re: [Xrdp-devel] CVE-2005-1794

2014-08-25 Thread Harry Johnston
obably go ahead. Harry. On 23 August 2014 18:19, speidy wrote: > Hi Harry, > > TLS is supported by all well-known clients today (freerdp, rdesktop, > mstsc, itap). > > It is referred to as 'RDP Enhanced Security' mode in the MS docs. > > Idan. > On Aug 23, 2014

Re: [Xrdp-devel] CVE-2005-1794

2014-08-22 Thread Harry Johnston
Jay, Thanks. Yes, that was my understanding; the vulnerability is in the protocol, so it affects all Microsoft-compatible RDP (5.2 or earlier) software. I think it is clear that this is not widely understood, though, and this is what concerns me at present. We're moving to TLS encryption in xrd

Re: [Xrdp-devel] CVE-2005-1794

2014-08-22 Thread Harry Johnston
On 19 August 2014 16:51, speidy wrote: > Hi Harry, > > We have an rsa key generator tool to produce a new rsa key for xrdp server > usage. > That's xrdp-keygen, right? Looking at the code, the key generated by this tool is signed by the well-known private key, in exactly the same way as describ
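Added example, not code from the xrdp list, xrdp-keygen or the xrdp code base: a toy model of the point made above (and of why the thread's move to TLS fixes it). A server key signed by the "well-known" private key proves nothing, because that private key ships in every client and server binary, so a man-in-the-middle can sign his own key exactly the same way and a legacy client cannot tell the two apart. Everything below is an assumption for illustration: 512-bit toy RSA keys from a seeded RNG (constructed, not real keys), SHA-256 as the signature hash in place of the MD5-based padding the real proprietary certificate uses, and a hypothetical fingerprint-pinning client that stands in for the out-of-band trust anchor a TLS certificate check gives you. Needs Python 3.8+ for `pow(e, -1, m)`.

```python
import hashlib
import math
import random


def _is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin with a few trial divisions up front (toy use only)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def gen_rsa_key(bits=512, seed=None):
    """Toy RSA keypair {n, e, d}; a seed makes the demo reproducible."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}


def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data):
    # Textbook RSA over a SHA-256 digest (assumption; real RDP uses MD5 + fixed padding).
    return pow(_digest_int(data), priv["d"], priv["n"])


def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest_int(data)


def encode_pub(key):
    """Serialise (n, e) the way a proprietary certificate carries them."""
    return key["n"].to_bytes(64, "big") + key["e"].to_bytes(4, "big")


def fingerprint(pub_bytes):
    return hashlib.sha256(pub_bytes).hexdigest()


# The "well-known" key. Its PRIVATE half is inside every RDP 5.2-and-earlier
# client and server binary, so the attacker has it too. (Constructed toy key.)
WELL_KNOWN = gen_rsa_key(512, seed=1)


def issue_proprietary_cert(server_key, signing_key=WELL_KNOWN):
    """Sign a server public key with the well-known private key. Anyone can."""
    pub = encode_pub(server_key)
    return pub, sign(signing_key, pub)


def legacy_client_accepts(cert):
    """Standard RDP Security client: checks only the well-known signature."""
    pub, sig = cert
    return verify(WELL_KNOWN, pub, sig)


def pinning_client_accepts(cert, expected_fp):
    """Hypothetical contrast: also require a trust anchor learned out of band,
    which is the role the server certificate check plays under TLS."""
    pub, sig = cert
    return verify(WELL_KNOWN, pub, sig) and fingerprint(pub) == expected_fp


def demo():
    real_server = gen_rsa_key(512, seed=2)
    attacker = gen_rsa_key(512, seed=3)
    real_cert = issue_proprietary_cert(real_server)
    # MITM: make your own key and sign it with the key everyone already has.
    mitm_cert = issue_proprietary_cert(attacker, signing_key=WELL_KNOWN)
    pinned_fp = fingerprint(real_cert[0])  # obtained out of band
    return {
        "legacy_accepts_real": legacy_client_accepts(real_cert),
        "legacy_accepts_mitm": legacy_client_accepts(mitm_cert),
        "pinning_accepts_real": pinning_client_accepts(real_cert, pinned_fp),
        "pinning_accepts_mitm": pinning_client_accepts(mitm_cert, pinned_fp),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

Running `demo()` shows the legacy check accepting both certificates while the pinning check rejects the attacker's; the signature itself is never the problem, the choice of signing key is. Regenerating the server key (as xrdp-keygen does) changes nothing here, since the new key is signed with the same public-knowledge private key.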

Re: [Xrdp-devel] CVE-2005-1794

2014-08-22 Thread Harry Johnston
On 19 August 2014 09:09, Jonathan Buzzard wrote: What on earth makes you think that xrdp would have the same hard coded > RSA key in it that a Microsoft terminal server binary had in it nine > years ago. What makes you think it has any hard coded RSA keys? > That would be because when I looked i

[Xrdp-devel] CVE-2005-1794

2014-08-18 Thread Harry Johnston
Hi, I'm concerned that a number of web sites wrongly claim or imply that the vulnerability described in CVE-2005-1794 doesn't apply to xrdp, e.g., see http://people.canonical.com/~ubuntu-security/cve/2005/CVE-2005-1794.html and https://security-tracker.debian.org/tracker/CVE-2005-1794 (As a r