178 – Insecure service configuration - RDP
Description
The RDP service has enabled the RC4 cipher suite considered outdated when is used in conjunction with TLS/SSL.
Impact
Obtain information derived from the encrypted channel.
Recommendation
Disable the RC4 cipher suite on the server.
Threat
Anonymous attacker in the intranet.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: A
- Attack complexity: H
- Attack Requirements: N
- Privileges required: N
- User interaction: A
- Confidentiality (VC): L
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: P