ICA Weak Encryption Vulnerability
BID:1077
Info
ICA Weak Encryption Vulnerability
| Bugtraq ID: | 1077 |
| Class: | Design Error |
| CVE: |
CVE-2000-0244 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 29 2000 12:00AM |
| Updated: | Jul 11 2009 01:56AM |
| Credit: | Posted to Bugtraq on March 29, 2000 by Dug Song <[email protected]>. |
| Vulnerable: |
Citrix WinFrame for Windows NT 3.5 1.8 Citrix MetaFrame for Windows NT 4.0 TSE 1.8 Citrix MetaFrame for Windows 2000 1.8 Citrix MetaFrame for Unix 1.0 |
| Not Vulnerable: | |
Discussion
ICA Weak Encryption Vulnerability
The ICA protocol uses a simple XOR-based encryption algorthm to protect user credentials while stored or in transit. This encryption can be easily broken, meaning that anyone sniffing the connection can obtain user access to the server.
The ICA protocol, developed by Citrix, is used in Citrix server products such as WinFrame and MetaFrame and possibly others, and in Citrix and third party clients for those products.
The ICA protocol uses a simple XOR-based encryption algorthm to protect user credentials while stored or in transit. This encryption can be easily broken, meaning that anyone sniffing the connection can obtain user access to the server.
The ICA protocol, developed by Citrix, is used in Citrix server products such as WinFrame and MetaFrame and possibly others, and in Citrix and third party clients for those products.
Exploit / POC
ICA Weak Encryption Vulnerability
ICAdecrypt will decrypt WinFrame passwords stored in the appsrv.ini file.
DSniff will sniff and decrypt ICA credentials on the network.
ICAdecrypt will decrypt WinFrame passwords stored in the appsrv.ini file.
DSniff will sniff and decrypt ICA credentials on the network.
Solution / Fix
ICA Weak Encryption Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
ICA Weak Encryption Vulnerability
References:
References:
- Citrix ICA Technology Brief (Citrix)
- ICA Technology (Citrix)