When using Windows 7 mstsc to connect to an Windows Server 2008 (remote desktop), I notice a problem I cannot explain.
mstsc asks for username password first. If I provide a wrong one, mstsc tells me "The credentials that were used to connect to did not work".
Only after if I provide a correct one, mstsc warns me that the server's certificate is not trusted.
I think mstsc SHOULD prompt for "server certificate not trusted" before it verifies "whether my username/password is accepted by server".
So my question is: Is it possible that, in case the server I connect to is a forged one(hosted by an attacker), my credential will be compromised?
Even if my credentials will never be compromised in such situation, isn't it better for mstsc to prompt for server certificate problem BEFORE asking for username/password? At least, that could eliminate the worry of password being stolen for an average user.
Best Answer
What's happening here is a little complex, but if you read up on NLA and CredSSP you'll get a better picture.
http://technet.microsoft.com/en-us/library/cc749211%28WS.10%29.aspx
http://en.wikipedia.org/wiki/Network_Level_Authentication
Basically, to answer your question...No, a forged server wouldn't compromise your credentials. First thing they'd have to do to being with would be to spoof your DNS to an incorrect IP, but even then the way RDP works now (assuming we are talking a Win7 or Vista client and a Win2008 or newer server) the credentials are encrypted and not exposed (caveat is NTLM explained in the bottom of the Technet article).
Here's an excerpt that might help from the Technet article:
EDIT : let's add an example to clarify...
In this example, you'll enter the username and password, it will authenticate LOCALLY to the domain to verify it is a valid username/pwd and then try and connect to the remote server. At that point if it is the first connection you will probably get the "The identity of the remote computer cannot be verified" and you can choose to trust it or not.
Here you'll see the pic you posted...The credentials did not work. Please enter new credentials. This is done locally on the client (validated against a kerberos ticket or the DC) without ever connecting to the remote server.
Here you'll authenticate locally since it is a valid account and pwd, but once you connect to the server to pass the credentials you'll get:
Hope that helps...