Database Credential Exposure in Citrix EdgeSight Products
CVE-2007-6267

Currently unrated

Key Information:

Vendor: Citrix
Status: Edgesight For Presentation Server; Edgesight For Netscaler; Edgesight For Endpoints
Vendor: CVE Published:; 7 December 2007

Summary

Citrix EdgeSight versions 4.2 and 4.5 for Presentation Server and Endpoints, as well as EdgeSight for NetScaler versions 1.0 and 1.1, improperly handle the storage of database credentials within their configuration files. This lax security measure permits local users to gain unauthorized access to sensitive credential data, potentially leading to further exploits within the network. Organizations utilizing these versions of EdgeSight should take immediate action to secure their configuration files and restrict access to prevent local users from obtaining this critical information.

References

http://support.citrix.com/article/CTX115281

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/38861

vdb-entryx_refsource_XF

http://www.vupen.com/english/advisories/2007/4091

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Dec 7, 2007
Vulnerability Reserved
Dec 7, 2007