Citrix Program Neighborhood Client Lets Local Users Obtain Cached Passwords
|
|
SecurityTracker Alert ID: 1015372 |
|
SecurityTracker URL: http://securitytracker.com/id/1015372
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Dec 16 2005
|
Impact:
Disclosure of authentication information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): Citrix Program Neighborhood version 9.1 and prior versions
|
Description:
A vulnerability was reported in the Citrix Program Neighborhood client. A local user can obtain the target user's password.
The Citrix Program Neighborhood client contains a flaw in the user interface. A local user can run a password viewing tool to view cached user passwords that are normally displayed as asteriks.
The Citrix Web client and the Citrix Program Neighborhood Agent client are not affected.
The vendor credits Dr. Alex Danilychev of www.ishadow.com with reporting this vulnerability.
|
Impact:
A local user can obtain the target user's cached password.
|
Solution:
The vendor has issued a fixed version (9.150) of the Program Neighborhood client, available at:
http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755
|
Vendor URL: support.citrix.com/article/CTX108108 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 16 Dec 2005 11:14:22 -0500
Subject: User interface flaw in Program Neighborhood could leak cached passwords
|
http://support.citrix.com/article/CTX108108
Document ID: CTX108108
|
|
