PT-2020-13827 · Citrix · Citrix Xenapp
Jill Kamperides +1 · Published 2020-06-11 · Updated 2024-08-04
CVE-2020-13998
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Citrix XenApp version 6.5
Description
The issue allows a remote unauthenticated attacker to determine whether a user exists on the server when two-factor authentication (2FA) is enabled. This is because the 2FA error page is only displayed after a valid username is entered. The products affected by this issue are no longer supported by the maintainer.
Recommendations
Citrix XenApp version 6.5 is no longer supported, and there is no information about a newer version that contains a fix for this issue.
Fix
IDOR
Side Channel Attack
Related Identifiers
Affected Products
Citrix Xenapp