VULHUB ™

It is possible for an administrator to log in to a Microsoft Windows 2000 Server using the Terminal Services client. This may be performed from a desktop that is not logged in as an administrative user. Under some circumstances, a situation arises when the terminal will not be locked after a disconnect via the Terminal Services client. This occurs when a session is left idle until the screensaver is activated, and then the user disconnects using the Terminal Services client. Upon reconnection, the terminal will fail to lock itself when left idle for any amount of time. This may create a false sense of security, as the user expects that the terminal will lock itself if left idle. An attacker with physical access to the desktop may capitalize upon this issue. While this issue has been reported for Microsoft Windows 2000 Server specifically, there may be a possibility that other versions are affected by this vulnerability.

It is possible for an administrator to log in to a Microsoft Windows 2000 Server using the Terminal Services client. This may be performed from a desktop that is not logged in as an administrative user. Under some circumstances, a situation arises when the terminal will not be locked after a disconnect via the Terminal Services client. This occurs when a session is left idle until the screensaver is activated, and then the user disconnects using the Terminal Services client. Upon reconnection, the terminal will fail to lock itself when left idle for any amount of time. This may create a false sense of security, as the user expects that the terminal will lock itself if left idle. An attacker with physical access to the desktop may capitalize upon this issue. While this issue has been reported for Microsoft Windows 2000 Server specifically, there may be a possibility that other versions are affected by this vulnerability.