Vulnerability CVE-2005-4412


Published: 2005-12-20   Modified: 2012-02-12

Description:
Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field.

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Citrix -> Program neighborhood client 

 References:
http://support.citrix.com/article/CTX108108
http://securitytracker.com/id?1015372

Copyright 2024, cxsecurity.com

 

Back to Top