Citrix XenDesktop and XenServer Authentication Credentials Information Disclosure Vulnerability
BID:51075
Info
| Bugtraq ID: | 51075 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 15 2011 12:00AM |
| Updated: | Dec 15 2011 12:00AM |
| Credit: | vtek63 |
| Vulnerable: | Citrix XenServer 5.6 SP2; Citrix XenDesktop 0 |
| Not Vulnerable: | |
Discussion
Citrix XenDesktop and XenServer are prone to an information-disclosure vulnerability.
A remote attacker who exploits this issue through man-in-the-middle attacks can harvest sensitive information that can aid in further attacks.
Exploit / POC
An attacker can use readily available tools to exploit this issue.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Citrix Homepage (Citrix)
- Citrix Receiver, XenDesktop "Pass-the-hash" Attack (Travis)