Terminal Services Doesn't Use Network Level Authentication (NLA) Only

Medium Nessus Plugin ID 58453


The remote Terminal Services doesn't use Network Level Authentication only.


The remote Terminal Services is not configured to use Network Level Authentication (NLA) only. NLA uses the Credential Security Support Provider (CredSSP) protocol to perform strong server authentication either through TLS/SSL or Kerberos mechanisms, which protect against man-in-the-middle attacks. In addition to improving authentication, NLA also helps protect the remote computer from malicious users and software by completing user authentication before a full RDP connection is established.


Enable Network Level Authentication (NLA) on the remote RDP server. This is generally done on the 'Remote' tab of the 'System' settings on Windows.

See Also



Plugin Details

Severity: Medium

ID: 58453

File Name: rdp_credssp_detect.nbin

Version: $Revision: 1.34 $

Type: remote

Family: Misc.

Published: 2012/03/23

Modified: 2018/01/29

Dependencies: 10940, 11936

Risk Information

Risk Factor: Medium


Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:remote_desktop_protocol