SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Citrix ICA Client Vendors:   Citrix
Citrix Program Neighborhood Client Lets Local Users Obtain Cached Passwords
SecurityTracker Alert ID:  1015372
SecurityTracker URL:  http://securitytracker.com/id/1015372
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 16 2005
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Citrix Program Neighborhood version 9.1 and prior versions
Description:   A vulnerability was reported in the Citrix Program Neighborhood client. A local user can obtain the target user's password.

The Citrix Program Neighborhood client contains a flaw in the user interface. A local user can run a password viewing tool to view cached user passwords that are normally displayed as asteriks.

The Citrix Web client and the Citrix Program Neighborhood Agent client are not affected.

The vendor credits Dr. Alex Danilychev of www.ishadow.com with reporting this vulnerability.

Impact:   A local user can obtain the target user's cached password.
Solution:   The vendor has issued a fixed version (9.150) of the Program Neighborhood client, available at:

http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755

Vendor URL:  support.citrix.com/article/CTX108108 (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC