Terminal Services Doesn't Use Network Level Authentication (NLA) Only

medium Nessus Plugin ID 58453
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Terminal Services doesn't use Network Level Authentication only.

Description

The remote Terminal Services is not configured to use Network Level Authentication (NLA) only. NLA uses the Credential Security Support Provider (CredSSP) protocol to perform strong server authentication either through TLS/SSL or Kerberos mechanisms, which protect against man-in-the-middle attacks. In addition to improving authentication, NLA also helps protect the remote computer from malicious users and software by completing user authentication before a full RDP connection is established.

Solution

Enable Network Level Authentication (NLA) on the remote RDP server. This is generally done on the 'Remote' tab of the 'System' settings on Windows.

See Also

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)

http://www.nessus.org/u?e2628096

Plugin Details

Severity: Medium

ID: 58453

File Name: rdp_credssp_detect.nbin

Version: 1.66

Type: remote

Family: Misc.

Published: 3/23/2012

Updated: 7/12/2021

Dependencies: windows_terminal_services.nasl, os_fingerprint.nasl

Asset Inventory: true

Hardware Inventory: true

OS Identification: true

Risk Information

CVSS Score Source: manual

CVSS Score Rationale: Based on analysis of security feature.

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:remote_desktop_protocol