| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability announce 8742
Citrix Password Manager: information disclosure
Synthesis of the vulnerability
| An authenticated attacker can obtains his own secondary credentials used by Citrix Password Manager. |
Severity: 1/4.
Creation date: 28/05/2009.
|
Impacted products
Description of the vulnerability
The Citrix Password Manager product manages authentication of users. Each user authenticates on Citrix Password Manager, and can then connect to another service requiring an authentication. The second login and password ("secondary credentials") is provided by Citrix Password Manager.
The administrator can configure Citrix Password Manager in order to forbid users to have access to their secondary credentials.
However, a vulnerability of Citrix Password Manager can be used by a user to read his own secondary credentials. Technical details are unknown.
An authenticated attacker can therefore directly connect to the service using the second login and password. |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: Citrix Password Manager: information disclosure.
Keywords: Citrix Manager Password disclosure information.
Identifiers: BID-35133, CTX120743, VIGILANCE-VUL-8742.
|
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
Vigil@nce provides a vulnerability watch, database, alert and management. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The technology watch team tracks security threats targeting the computer system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.
|
