User Interface Flaw In Program Neighborhood Could Leak Cached Passwords

Friday, 16 December 2005 by Michel Roth

The Citrix Program Neighborhood client provides a mechanism to cache user passwords; a user interface flaw in this client could permit these cached passwords to be revealed to the user. The cached passwords are normally displayed to the user as a series of asterisks but it may be possible for the user to run a password viewing tool that can extract the clear text password from this field.

The following clients are affected by this issue:
• Citrix Program Neighborhood version 9.1 and earlier for 32-bit and 64-bit Windows

The Citrix Web client and the Citrix Program Neighborhood Agent client are not affected by this vulnerability.

Read CTX108108 here.

Related Items:

Vulnerability In Program Neighborhood Client Could Result In Arbitrary Code Execution (16 December 2005)
Citrix MetaFrame Password Manager "Reveal Password" Policy Bypass (15 March 2005)
Citrix Program Neighborhood Agent Two Vulnerabilities (26 April 2005)
ICA Client Version 10 Released (26 February 2007)
Server Upgrade Fails When A Later Version Of The ICA Client Is Already Installed (6 April 2006)
Citrix Presentation Server Client Packager - Version 9.1 (18 October 2005)
ICA Client 10.150 For Windows Released, Streaming Users Beware! (20 November 2007)
Encryption of Passwords In RDP Files (3 March 2008)
Citrix Presentation Server Client Package Version 9.230 (6 December 2006)
Program Neighborhood Agent - Application Icon Delays (16 January 2007)

Comments (0)

Show/Hide comment form

Search

Related Items:

Our Newsletter

Stay Updated

Latest downloads

Latest Blog items