Potential vulnerabilities of the Microsoft RVP-based Instant Messaging

From: Dimitrios Petropoulos (d.petropoulos@ENCODE-SEC.COM)
Date: 03/19/02

• Previous message: Russ: "Alert:Microsoft Security Bulletin - MS02-013"
• Next in thread: Greg Corey: "Re: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging"
• Reply: Greg Corey: "Re: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging"
• Reply: Russ: "Re: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging"
• Reply: Dimitrios Petropoulos: "Re: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging"
• Reply: Brown, Keith: "Re: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging"
• Reply: Justin Moebus: "Re: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date:         Tue, 19 Mar 2002 15:35:51 +0200
From: Dimitrios Petropoulos <d.petropoulos@ENCODE-SEC.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

The Encode Security Labs performed an empirical analysis of the
Microsoft Instant Messaging implementation based on Exchange 2000 and
using the MSN Messenger Service v3.6 client.

The most important findings about the IM service are:

-it does not offer any confidentiality
-it is vulnerable to man-in-the-middle attacks
-its authentication methods are weak and only employ unilateral
authentication
-it does not offer any form of data origin authentication
-the IM service is not easy to firewall since the server uses arbitrary
port numbers to deliver messages to clients

The report is available (in PDF format) from
http://www.encode-sec.com/security.html

Vendor notification status: Microsoft was contacted on 24 January 2002

-----------------------
Dimitrios Petropoulos
MSc InfoSec, CISSP

Director, Security Research & Development

ENCODE S.A.
3, R.Melodou Str
151 25 Marousi
Athens, Greece
Tel: +3010-6178410
Fax: +3010-6109579
Mob: +30944-506334
web: www.encode-sec.com
------------------------

---

• Previous message: Russ: "Alert:Microsoft Security Bulletin - MS02-013"
• Next in thread: Greg Corey: "Re: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging"
• Reply: Greg Corey: "Re: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging"
• Reply: Russ: "Re: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging"
• Reply: Dimitrios Petropoulos: "Re: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging"
• Reply: Brown, Keith: "Re: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging"
• Reply: Justin Moebus: "Re: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > NT-Bugtraq  > 2002-03