Vigil@nce: Citrix Password Manager, information disclosure
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can obtains his own secondary
credentials used by Citrix Password Manager.
Severity: 1/4
Consequences: data reading
Provenance: user account
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 28/05/2009
IMPACTED PRODUCTS
– Citrix XenApp
DESCRIPTION OF THE VULNERABILITY
The Citrix Password Manager product manages authentication of
users. Each user authenticates on Citrix Password Manager, and can
then connect to another service requiring an authentication. The
second login and password ("secondary credentials") is provided by
Citrix Password Manager.
The administrator can configure Citrix Password Manager in order
to forbid users to have access to their secondary credentials.
However, a vulnerability of Citrix Password Manager can be used by
a user to read his own secondary credentials. Technical details
are unknown.
An authenticated attacker can therefore directly connect to the
service using the second login and password.
CHARACTERISTICS
Identifiers: CTX120743, VIGILANCE-VUL-8742
http://vigilance.fr/vulnerability/Citrix-Password-Manager-information-disclosure-8742