Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field.
References
Link | Resource |
---|---|
http://securitytracker.com/id?1015372 | Exploit |
http://support.citrix.com/article/CTX108108 | Exploit Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:45
Updated: 2022-10-03T16:22:45
Reserved: 2022-10-03T00:00:00
Link: CVE-2005-4412
JSON object: View
NVD Information
Status : Analyzed
Published: 2005-12-20T11:03:00.000
Modified: 2008-09-05T20:56:49.347
Link: CVE-2005-4412
JSON object: View
Redhat Information
No data.
CWE