Lucene search

[email protected]CVE-2005-4412

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-4412

2022-10-0316:22:45

[email protected]

web.nvd.nist.gov

citrix

program neighborhood

plaintext password

security vulnerability

nvd

cve-2005-4412

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.0%

JSON

Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field.

Affected configurations

NVD

Node

citrixprogram_neighborhood_clientRange≤9.1

CPENameOperatorVersion
citrix:program_neighborhood_clientcitrix program neighborhood clientle9.1

CPE	Name	Operator	Version
citrix:program_neighborhood_client	citrix program neighborhood client	le	9.1

References

securitytracker.com/id?1015372

support.citrix.com/article/CTX108108

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for CVE-2005-4412

nvd1 cvelist1