Database Credential Exposure in Citrix EdgeSight Products
CVE-2007-6267

Currently unrated

Key Information:

Summary

Citrix EdgeSight versions 4.2 and 4.5 for Presentation Server and Endpoints, as well as EdgeSight for NetScaler versions 1.0 and 1.1, improperly handle the storage of database credentials within their configuration files. This lax security measure permits local users to gain unauthorized access to sensitive credential data, potentially leading to further exploits within the network. Organizations utilizing these versions of EdgeSight should take immediate action to secure their configuration files and restrict access to prevent local users from obtaining this critical information.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.