Citrix MetaFrame Password Manager Password Disclosure

2004-04-05T11:11:35
ID OSVDB:4942
Type osvdb
Reporter Citrix Technical Support()
Modified 2004-04-05T11:11:35

Description

Vulnerability Description

MetaFrame Password Manager contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to application passwords which are stored encoded. This condition occures when the application passwords are entered immediately after the First Time Use Wizard and if no sync point has been defined for production configurations, which may lead to a loss of confidentiality and integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Citrix has released a patch to address this vulnerability.

Short Description

MetaFrame Password Manager contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to application passwords which are stored encoded. This condition occures when the application passwords are entered immediately after the First Time Use Wizard and if no sync point has been defined for production configurations, which may lead to a loss of confidentiality and integrity.

References:

Vendor URL: http://www.citrix.com Vendor Specific Solution URL: http://support.citrix.com/kb/entry.jspa?entryID=4062 Secunia Advisory ID:11293 Other Advisory URL: http://support.citrix.com/kb/entry.jspa?entryID=4063&categoryID=254