Citrix MetaFrame Password Manager Information Disclosure Vulnerability
BID:24041
Info
Citrix MetaFrame Password Manager Information Disclosure Vulnerability
| Bugtraq ID: | 24041 |
| Class: | Design Error |
| CVE: |
CVE-2005-0822 |
| Remote: | No |
| Local: | Yes |
| Published: | May 18 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
Citrix MetaFrame Password Manager 2.5 Citrix MetaFrame Password Manager 2.0 |
| Not Vulnerable: | |
Discussion
Citrix MetaFrame Password Manager Information Disclosure Vulnerability
Citrix MetaFrame Password Manager is prone to an information-disclosure vulnerability.
Users can exploit this issue to view their own secondary passwords, regardless of administrative policies that may not allow it.
Successful exploits will allow an attacker to access currently logged-in account passwords that are managed by the affected software. This will allow attackers to later access applications and services in a manner that is not authorized by administration.
Citrix MetaFrame Password Manager 2.5 and prior versions are vulnerable.
Citrix MetaFrame Password Manager is prone to an information-disclosure vulnerability.
Users can exploit this issue to view their own secondary passwords, regardless of administrative policies that may not allow it.
Successful exploits will allow an attacker to access currently logged-in account passwords that are managed by the affected software. This will allow attackers to later access applications and services in a manner that is not authorized by administration.
Citrix MetaFrame Password Manager 2.5 and prior versions are vulnerable.
Exploit / POC
Citrix MetaFrame Password Manager Information Disclosure Vulnerability
An attacker can exploit this issue by using a password-extracting tool.
An attacker can exploit this issue by using a password-extracting tool.
Solution / Fix
Citrix MetaFrame Password Manager Information Disclosure Vulnerability
Solution:
The vendor has released a hotfix to address this issue. Please see the references for more information.
Citrix MetaFrame Password Manager 2.5
Solution:
The vendor has released a hotfix to address this issue. Please see the references for more information.
Citrix MetaFrame Password Manager 2.5
-
Cuyahoga MPM250W009.msi
http://support.citrix.com/servlet/KbServlet/download/8694-102-14374/MP M250W009.msi
References
Citrix MetaFrame Password Manager Information Disclosure Vulnerability
References:
References: