Database Credential Exposure in Citrix EdgeSight Products
CVE-2007-6267
Currently unrated
Key Information:
- Vendor
- Citrix
- Vendor
- CVE Published:
- 7 December 2007
Summary
Citrix EdgeSight versions 4.2 and 4.5 for Presentation Server and Endpoints, as well as EdgeSight for NetScaler versions 1.0 and 1.1, improperly handle the storage of database credentials within their configuration files. This lax security measure permits local users to gain unauthorized access to sensitive credential data, potentially leading to further exploits within the network. Organizations utilizing these versions of EdgeSight should take immediate action to secure their configuration files and restrict access to prevent local users from obtaining this critical information.
References
Timeline
Vulnerability published
Vulnerability Reserved