PT-2005-5098 · Citrix · Citrix Program Neighborhood Agent

Publicado

2005-12-20

Atualizado

2008-09-05

CVE-2005-4412

CVSS v2.0

2.1

Baixa

Vetor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Citrix Program Neighborhood client versions prior to 9.150

Description The issue allows attackers with access to the session to obtain the password by using a tool to directly access the password field, as the password is cached in plaintext in the GUI while asterisks are used to visually obfuscate the password.

Recommendations For versions prior to 9.150, update to version 9.150 or later to resolve the issue. As a temporary workaround, consider restricting access to the Citrix Program Neighborhood client to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-4412

Produtos afetados

Citrix Program Neighborhood Agent

PT-2005-5098 · Citrix · Citrix Program Neighborhood Agent

CVE-2005-4412

Identificadores relacionados

Produtos afetados

Referências · 3