Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Citrix Command Center Configuration Disclosure

🗓️ 20 Mar 2015 00:00:00Reported by Han SahinType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 15 Views

Citrix Command Center Configuration Disclosure - Vulnerable to Unauthenticated Acces

Code
`------------------------------------------------------------------------  
Citrix Command Center allows downloading of configuration files  
------------------------------------------------------------------------  
Han Sahin, August 2014  
  
------------------------------------------------------------------------  
Abstract  
------------------------------------------------------------------------  
It was discovered that Citrix Command Center stores configuration files  
containing credentials of managed devices within a folder accessible  
through the web server. Unauthenticated attackers can download any  
configuration file stored in this folder, decode passwords stored in  
these files, and gain privileged access to devices managed by Command  
Center.  
  
------------------------------------------------------------------------  
Tested version  
------------------------------------------------------------------------  
This issue was discovered in Citrix Command Center 5.1 build 33.3  
(including patch CC_SP_5.2_40_1.exe), other versions may also be  
vulnerable.  
  
------------------------------------------------------------------------  
Fix  
------------------------------------------------------------------------  
Citrix reports that this vulnerability is fixed in Command Center 5.2  
build 42.7, which can be downloaded from the following location (login  
required).  
https://www.citrix.com/downloads/command-center/product-software/command-center-52-427.html  
  
Citrix assigned BUG0493933 to this issue.  
  
------------------------------------------------------------------------  
Details  
------------------------------------------------------------------------  
https://www.securify.nl/advisory/SFY20140802/citrix_command_center_allows_downloading_of_configuration_files.html  
  
Configuration files can be downloaded from the conf web folder. Below is an example of a configuration file that can be obtained this way.  
  
https://<target>:8443/conf/securitydbData.xml  
  
This files contains encoded passwords, for example:  
  
<DATA ownername="NULL" password="C70A0eE9os9T2z" username="root"/>  
  
These passwords can be decoded trivially. The algorithm used can be found in the JAR file NmsServerClasses.jar. For example the encoded password C70A0eE9os9T2z decodes to SECURIFY123. The credentials stored in these files can than be used to gain privileged access to devices managed by Command Center.  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Mar 2015 00:00Current
7.4High risk
Vulners AI Score7.4
citrix command centerconfiguration filescredentials disclosureunauthenticated access
15