Is CredSSP secure?

Credssp windows10

A critical vulnerability has been discovered in the Credential Security Support Provider Protocol (CredSSP) that affects all versions of Windows to date and could allow remote attackers to exploit RDP and WinRM to steal data and execute malicious code.

Discovered by researchers at cybersecurity firm Preempt Security, the issue (CVE-2018-0886) is a cryptographic logic flaw in CredSSP that can be exploited by an attacker with Wi-Fi or physical network access to steal session authentication data and perform a remote procedure call attack.

When a client and server authenticate through the RDP and WinRM connection protocols, a man-in-the-middle attacker can execute remote commands to compromise enterprise networks.

“An attacker who has stolen a session from a user with sufficient privileges could execute different commands with local administrator privileges. This is especially critical in the case of domain controllers, where most remote procedure calls (DCE/RPC) are enabled by default,” says Yaron Zinar, principal security researcher at Preempt.

Remote desktop problem credssp

After the May 2018 upgrade to Windows 10, most computers running Windows remote desktop functionality face an RDP authentication error, the requested feature is not supported issue where they get the following error when logging into a remote computer via RDP.

To solve this problem, Microsoft introduced the Network Level Authentication (NLA) protocol that works together with CredSSP and preauthenticates RDP client users via TLS/SSL or Kerberos.

In a situation where the server does not have the required Windows update patch, an updated client computer will refuse to connect to the unsecured server because Microsoft makes it mandatory to enable NLA for a secure remote desktop connection.

Read more  How does event delegation work?

The first and most recommended solution to this problem is to update the target computer on which you are trying to connect remotely. Go to Windows Update and check for updates. Install all updates specifically related to CVE-2018-0886.

Credssp remote desktop error windows 10

After the Windows security updates in May 2018, when attempting to RDP to a Windows 10 Pro workstation, the following error message is displayed after successfully entering user credentials:

Based entirely on Graham Cuthbert’s response, I created a text file in Notepad with the following lines, and simply double-clicked after (which should add to the Windows Registry whatever parameters are in the file).

@ nivs1978, this file is intended to be used on the client side, assuming the client has the latest updates and the server does not. So it will basically allow the most updated client to connect to a server that has not been updated recently.

Thanks! I am using Win 10 Home. I uninstalled the winning update that created this problem 10 times, and MS keeps rolling it back, despite doing everything I can to stop it. There is also no Policy Editor (or it is not respected) in this version of Windows. I looked for these registry keys, per documents I read, and they didn’t exist, so I figured they wouldn’t work. But I tried running your registry file anyway, it solved the problem like a charm!

Credssp disable

Is the “credssp.dll” library Safe or Threatening ? Loading Graph100% of the files reviewed are marked as Safe .100% of the files reviewed are marked as System files .Our final rating for this file is Safe. Final ratings are based on reviews, date of discovery, user occurrence and antivirus result.

Read more  Is there any paper shredder made in the USA?

(*) Please write reviews in ENGLISH language. If you wish to use a different language, please switch to the corresponding language page. By submitting material, you agree that you are not submitting copyrighted, protected or secret material or material subject to third party proprietary rights, including privacy and publicity rights, unless you are the owner of such rights or have the owner’s permission to post the material.