Summary #

Netsparker identified that Terminal Services Web Access (TS Web Access) is publicly accessible on the target server.

TS Web Access enables users to connect from a Web browser to the remote desktop of any user accessible server or client computer.

Impact #
This issue is reported as additional information only. There is no direct impact arising from this issue.
Remediation #
Configure your web server to prevent public access to the TS Web Access interface by implementing access control mechanisms.
Classifications #
PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.1; WASC-34; OWASP PC-C6; OWASP 2013-A7; OWASP 2017-A5 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo