Wishlist-type idea It's possible to RCE a server via MITM of CredSSP auth. References: * https://support.microsoft.com/en-us/topic/credssp-updates-for-cve-2018-0886-5cbf9e5f-dc6d-744f-9e97-7ba400d6d3ea * CredSSP Spec: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-cssp/85f57821-40bb-46aa-bfcb-ba9590b8fc30 * Exploit demo: https://www.youtube.com/watch?v=VywB2_o9Tsk * Exploit blog (from wayback machine): https://web.archive.org/web/20201210213109/https://www.preempt.com/blog/ms-rdp-credssp-vulnerability/
Wishlist-type idea
It's possible to RCE a server via MITM of CredSSP auth.
References: