I have a Windows 2000 Server with SP 2 running IIS 5.0 and a Verisign certificate. The user come to the website and the default.htm has an option for them to select Terminal Server. This takes them to the Terminal Server in an https session. This is great.

However if you go to Terminal Server without this you can still get a login prompt from Terminal Server. Something to do with Active X 8.0. (KB article Q270897).

Does anyone know if this is this still a secure connection? Is the password sent across the wire unprotected?

Thanks.