Weak Password Handling in Citrix MetaFrame Password Manager 2.0
CVE-2004-1902

Currently unrated

Key Information:

Vendor: Citrix
Status: Metaframe Password Manager
Vendor: CVE Published:; 31 December 2004

Summary

The Citrix MetaFrame Password Manager 2.0 contains a vulnerability that arises when a central credential store is not configured. This oversight allows unencrypted passwords to be captured immediately after executing the First Time User Wizards, thereby exposing sensitive user information to local users. Proper security practices require the configuration of a central credential store to ensure that passwords are encrypted and protected from unauthorized access.

References

http://support.citrix.com/kb/entry.jspa?entryID=4062&cate...

x_refsource_CONFIRM

http://www.osvdb.org/4942

vdb-entryx_refsource_OSVDB

http://securitytracker.com/id?1009659

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability Reserved
May 4, 2005
Vulnerability published
Dec 31, 2004