David Wong

**Name of the Vulnerable Software and Affected Versions** Mbed TLS versions prior to 2.14.1 Mbed TLS versions prior to 2.7.8 Mbed TLS versions prior to 2.1.17 **Description** The issue is related to a local synchronization problem during RSA decryption in Mbed TLS, allowing a local unprivileged attacker to recover the plaintext of RSA decryption. This affects RSA-without-(EC)DH(E) cipher suites. The vulnerability can be exploited to gain access to protected information. **Recommendations** For versions prior to 2.14.1, update to version 2.14.1 or later. For versions prior to 2.7.8, update to version 2.7.8 or later. For versions prior to 2.1.17, update to version 2.1.17 or later.

**Name of the Vulnerable Software and Affected Versions** Citrix MetaFrame Password Manager version 2.0 **Description** The issue concerns the encryption of passwords entered after executing the First Time User Wizards when a central credential store is not configured. This allows local users to obtain sensitive information. **Recommendations** For Citrix MetaFrame Password Manager version 2.0, consider configuring a central credential store to ensure passwords are encrypted properly. As a temporary workaround, restrict access to sensitive information until a proper configuration is in place.