Tuesday, 6 August 2013

Windows Remote Desktop Protocol Weak Encryption Method Allowed - Validating the Findings

Results from Qualys Scan

-Windows Remote Desktop Protocol Weak Encryption Method Allowed

Remote Desktop Protocol is a protocol by which Terminal Service provides desktop level access to a remote user. It can be used to remotely login and interact with a Windows machine.
Since RDP transfers sensitive information about the user and the system, it can be configured to use encryption to provide privacy and integrity for its sessions. It is possible to configure RDP to use encryption algorithms that are considered insecure, such as RC4 40bit and RC4 56 bit.

If an attacker has access to the network traffic with RDP sessions using weak encryption methods, then it will be possible for them to bruteforce the encryption parameters and compromise privacy of the RDP session.

RDP needs to be configured to use strong encryption methods or use SSL as the privacy and integrity provider. To configure RDP encryption methods 'Terminal Services Configuration' snap-in can be launched in mmc.exe. In 'Terminal Services Configuration' properties dialog box General tab for the Encryption Level 'High' should be selected.


Validating the Findings
In order to validate the findings, we use additional tools to see if we can get the same output as Qualys scan. In this case, Qualys detected that the encryption algorithm used are RC4-40bit and RC5-56bit, hence our objective is to use other tools to get that information.

Using NMAP

nmap -p 3389 --script rdp-enum-encryption <ip>

Using Perl Script

Download the package using wget
#wget http://labs.portcullis.co.uk/download/rdp-sec-check-0.8.tar.gz

Extract the package
#tar -xvzf rdp-sec-check-0.8.tar.gz

Run the script
#./rdp-sec-check-pl <IP address>



  1. Great information, thank you for the write up!

  2. Hi, I think your blog is very good, very poetic, also very talented, hope you can pay attention to my blog, thank you for coming. Visit here:- USA RDP