full address:s:192.168.1.100 username:s:DOMAIN\john.doe disable password saving:i:0 authentication level:i:0 Saved passwords are encrypted using – tied to the user account that created the shortcut. 4. Security Risks | Risk | Description | |------|-------------| | Credential exposure | If the .rdp file is copied or sent, the encrypted password may be decrypted by the same user on another machine. | | Gateway hijacking | Attackers modifying a shared .rdp file can redirect connections to malicious servers (man-in-the-middle). | | Saved password abuse | A compromised user account gives access to all saved RDP connections. | | Network propagation | Malware can scan for .rdp files, extract server addresses, and move laterally. | | Phishing via .rdp | Attackers email a shortcut pointing to a fake RDP server to capture credentials. |