Citrix MetaFrame Presentation Server Client Debugging Security Issue
Monday, 22 November 2004 by Michel Roth
Secunia released a security advisory regarding the Citrix MetaFrame Windows client version 8.0 and prior.


...
A security issue has been reported in Citrix MetaFrame Presentation Server Client, which can be exploited by malicious users to gain knowledge of sensitive information.

The problem is that the client includes a debugging feature (disabled by default), which can be used to create a log file of the keyboard scan codes sent during an ICA connection. This can be exploited to gain knowledge of sensitive information (e.g. another user's credentials) by tricking that user into using a client with the debugging feature enabled.
...


Thincomputing.net mentioned this security issue some three weeks earlier, along with another way around it.

Read the whole story at the Secunia website.

The original article (CTX105215) on the Citrix website can be found here.
