Search

Citrix MetaFrame Password Manager "Reveal Password" Policy Bypass

Tuesday, 15 March 2005 by Michel Roth

A new vulnerability was identified in Citrix MetaFrame Password Manager, which may be exploited by attackers to disclose sensitive information. Citrix MetaFrame Password Manager allows administrators to control which users can view their own secondary passwords even if they should be prohibited from doing so by the administrator defined policy. When viewing configured applications, the password field is displayed to the user as a series of asterisks, which may be exploited by a malicious user to extract the clear text password from this field.

Solution: Hotfix MPM250W006

Read more here.

Related Items:

User Interface Flaw In Program Neighborhood Could Leak Cached Passwords (16 December 2005)
VMware ESX Server Multiple Vulnerabilities (2 August 2006)
Citrix released Hotfix PM450W001 for Password Manager 4.5 (25 July 2007)
MetaFrame Conferencing Manager Keyboard And Mouse Control Issue (15 March 2005)
Citrix Password Manager 4 Wins SC Magazine Award For Best Password Management (28 April 2006)
Citrix Presentation Server And MetaFrame Print Provider Buffer Overflow Vulnerability (24 January 2007)
Courion and Citrix Announce Integrated User Provisioning And Enterprise Single Sign-On (10 October 2005)
Citrix Password Manager Growth Skyrockets (14 February 2006)
VMware ESX Server Multiple Vulnerabilities (5 April 2007)

Comments (0)

Show/Hide comment form toggle

toggle

Our Newsletter

Stay Updated

Stay Updated!

Latest downloads

Stresstesing Provision Networks Components With DeNamiK LoadGenDeNamiK LoadGen1.3Visionapp Remote Desktop managerDeNamik Service WrapperLogin Consultants TS Task ManagerDeNamiK sftImportSoftgrid Precache All Applications Script: CacheAllSFTAppsThincomputing.net Tools v1.02

Latest Blog items