Citrix MetaFrame Password Manager Failure To Encrypt Application Password Vulnerability
BID:10049
Info
| Bugtraq ID: | 10049 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 02 2004 12:00AM |
| Updated: | Apr 02 2004 12:00AM |
| Credit: | This vulnerability was discovered by "Foundstone Labs" <[email protected]>. |
| Vulnerable: | Citrix MetaFrame Password Manager 2.0 |
| Not Vulnerable: | |
Discussion
MetaFrame Password Manager is reported to contain a vulnerability that may result in a failure to properly encrypt application passwords.
The issue reportedly occurs when an application password is entered after the "First Time Use Wizard" and no sync point has been defined for the software. This may permit a local attacker to recover the unencrypted credentials.
Exploit / POC
There is no exploit required.
Solution / Fix
Solution:
The vendor has released a hotfix to address this issue:
Citrix MetaFrame Password Manager 2.0
Citrix Hotfix MPME100W001 - For MetaFrame Password Manager 2.0 - English
http://support.citrix.com/kb/entry.jspa?entryID=4062