Computer Security Global Security Mag Online anti virus spywares job oofers telecom and network security
- english:
- Product Reviews:
- Business News:
- MAGIC QUADRANT :
- Market News:
- WHITE PAPER:
- Special Reports:
- Interviews:
- Opinion:
- EVENTS:
- Security Vulnerability:
- Malware Update:
- Diary:
- Guide & Podcast:
- Jobs:
- International News:
- CONTACTS:
- TRAINING :
Global Security Magazine Online antivirus
Product Reviews
Business News
MAGIC QUADRANT 
Market News
Special Reports
Opinion
EVENTS
Security Vulnerability
Malware Update
Diary
Guide & Podcast
Jobs
International News
CONTACTS
Flux RSS
| Vigil@nce: Citrix Password Manager, information disclosure |
| May 2009 by Vigil@nce |
| SYNTHESIS OF THE VULNERABILITY An authenticated attacker can obtains his own secondary credentials used by Citrix Password Manager. Severity: 1/4 Consequences: data reading Provenance: user account Means of attack: no proof of concept, no attack Ability of attacker: expert (4/4) Confidence: confirmed by the editor (5/5) Diffusion of the vulnerable configuration: high (3/3) Creation date: 28/05/2009 IMPACTED PRODUCTS
DESCRIPTION OF THE VULNERABILITY The Citrix Password Manager product manages authentication of users. Each user authenticates on Citrix Password Manager, and can then connect to another service requiring an authentication. The second login and password ("secondary credentials") is provided by Citrix Password Manager. The administrator can configure Citrix Password Manager in order to forbid users to have access to their secondary credentials. However, a vulnerability of Citrix Password Manager can be used by a user to read his own secondary credentials. Technical details are unknown. An authenticated attacker can therefore directly connect to the service using the second login and password. CHARACTERISTICS Identifiers: CTX120743, VIGILANCE-VUL-8742 http://vigilance.fr/vulnerability/Citrix-Password-Manager-information-disclosure-8742 |
< previous next > |
Citrix XenApp
