little concerned about MS RDC being to easy...

C

criccio

Fully Equipped
Joined
Mar 26, 2008
Messages
14,164
Buddy of mine was fed up with slow download speeds on a torrent, so apparently for shits and giggles he typed one of the IP's he was DLing from into Remote Desktop Connection's and to his (and my) surprise, it worked, he logged into there PC and gained full control of their desktop without any trouble. :eek: Now there is a twist, he was using MS Remote Desktop Connection for Mac. Apparently it fills in the username for you, and they just must not have had a password on their account and it let him right in.

We tried this with the pc version of RDC and it asked for a username...

Now im just a bit concerned, is there really people out there with 1, RDC set for allowing remote connections, 2, no password on their main account, and 3, RDC port opened on their router...? Or even worse, no router/firewall at all?

Is this a major security flaw with RDC for Mac?

Just a bit concerned here, anyone with some insight here?
 
the person that you were getting the torrent from must not have had any kind of security at all. That's another reason why no matter where I am going or for how long, I always lock my desktop.
 
Agreed. My roomate keeps complaining that I have passwords on all my stuff (router, firewall, computers, etc) and one night we had a party and our drunk friend wanted to hear a song that neither of us had and he started installing LimeWire on my roomies pc. My roomie came in and caught him and about killed him. Even weak passwords keep drunk friends out of your stuff...
 
Actually having no password is more secure than having a password, nothing will work remotely if you do not have one set, so your friend must have done something else to gain access. RDC is secure as you want it to be, I don't want to say everyone, but it is used A LOT in enterprise because it is so easy to use and setup.
 
If you're connecting to a remote PC it wouldn't supply the connecting client with a username, so it would have to be the local computer adding it in.
 
criccio said:
Buddy of mine was fed up with slow download speeds on a torrent, so apparently for shits and giggles he typed one of the IP's he was DLing from into Remote Desktop Connection's and to his (and my) surprise, it worked, he logged into there PC and gained full control of their desktop without any trouble. :eek: Now there is a twist, he was using MS Remote Desktop Connection for Mac. Apparently it fills in the username for you, and they just must not have had a password on their account and it let him right in.

We tried this with the pc version of RDC and it asked for a username...

Now im just a bit concerned, is there really people out there with 1, RDC set for allowing remote connections, 2, no password on their main account, and 3, RDC port opened on their router...? Or even worse, no router/firewall at all?

Is this a major security flaw with RDC for Mac?

Just a bit concerned here, anyone with some insight here?
Click to expand...
You might have just got into a honeypot.
1. By default RDC is off.
2. By user accounts with no passwords are restricted from logging in via RDC
3. By default windows firewall blocks remote desktop.
 
he prolly used something like dameware mini remote. There is a setting on there to use the current credentials. As long as windows firewall is off, the user realy doesn't have any other options
 
You must log in or register to reply here.
Back
Top