CVE-2000-0244

Citrix MetaFrame - Weak Encryption for User Authentication

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0244. PoCs published by Dug Song.

AI-analyzed exploit summary This exploit decrypts stored Citrix ICA passwords from appsrv.ini files by reversing the XOR-based encryption algorithm used by the ICA protocol. It reads a file, identifies the 'Password=' line, decodes the hex-encoded password, and applies the decryption logic.

Description

The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dug Song · clocalmultiple

https://www.exploit-db.com/exploits/19821

View Code ZIP pw:eip

This exploit decrypts stored Citrix ICA passwords from appsrv.ini files by reversing the XOR-based encryption algorithm used by the ICA protocol. It reads a file, identifies the 'Password=' line, decodes the hex-encoded password, and applies the decryption logic.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Citrix WinFrame and MetaFrame (ICA protocol)

No auth needed

Prerequisites: Access to the appsrv.ini file containing the encrypted password

MITRE ATT&CK

T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSO.4.20.0003290949280.2640-100000%40naughty.monkey.org

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1077

Scores

EPSS 0.0233

EPSS Percentile 81.3%

Details

Status published

Products (3)

citrix/metaframe 1.0

citrix/metaframe < 1.8 (2 CPE variants)

citrix/winframe 3.5_1.8_for_windows_nt

Published Mar 29, 2000

Tracked Since Feb 18, 2026