Windows Terminal Services server running

Description

A Windows Terminal Services server is running on this host. Terminal Services is one of the components of Microsoft Windows (both server and client versions) that allows a user to access applications and data on a remote computer. Microsoft's RDP implementation of Terminal Services doesn't verify the server's identity when setting up the encryption keys for the RDP session. This vulnerability can result in a potential man-in-the-middle (MITM) attack.

ShareShare on FacebookTweet about this on TwitterShare on Google+

Impact
Possible information disclosure.

Recommendation
It's recommended to restrict access to valid users and/or hosts.

References
How Secure are Windows Terminal Services?
Configuring authentication and encryption
Man-in-the-Middle Attack on Microsoft Terminal Services