PT-2004-2800 · Citrix · Citrix Metaframe Password Manager

David Wong

Published

2004-12-31

Updated

2017-07-11

CVE-2004-1902

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Citrix MetaFrame Password Manager version 2.0

Description The issue concerns the encryption of passwords entered after executing the First Time User Wizards when a central credential store is not configured. This allows local users to obtain sensitive information.

Recommendations For Citrix MetaFrame Password Manager version 2.0, consider configuring a central credential store to ensure passwords are encrypted properly. As a temporary workaround, restrict access to sensitive information until a proper configuration is in place.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1902

Affected Products

Citrix Metaframe Password Manager

PT-2004-2800 · Citrix · Citrix Metaframe Password Manager

CVE-2004-1902

Related Identifiers

Affected Products

References · 8