PT-2005-5098 · Citrix · Citrix Program Neighborhood Agent

Published

2005-12-20

Updated

2008-09-05

CVE-2005-4412

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Citrix Program Neighborhood client versions prior to 9.150

Description The issue allows attackers with access to the session to obtain the password by using a tool to directly access the password field, as the password is cached in plaintext in the GUI while asterisks are used to visually obfuscate the password.

Recommendations For versions prior to 9.150, update to version 9.150 or later to resolve the issue. As a temporary workaround, consider restricting access to the Citrix Program Neighborhood client to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4412

Affected Products

Citrix Program Neighborhood Agent

PT-2005-5098 · Citrix · Citrix Program Neighborhood Agent

CVE-2005-4412

Related Identifiers

Affected Products

References · 3