Description
The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.
References (7)
Core 7
Core References
Patch, Vendor Advisory x_refsource_confirm
http://support.citrix.com/kb/entry.jspa?entryID=4062&categoryID=256
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4942
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1009659
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10049
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15737
Patch third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11293
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108127948610311&w=2
Scores
EPSS
0.0009
EPSS Percentile
25.3%
Details
Status
published
Products (1)
citrix/metaframe_password_manager
2.0
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026