Description
Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field.
References (2)
Core 2
Core References
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015372
Exploit, Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX108108
Scores
EPSS
0.0009
EPSS Percentile
24.7%
Details
Status
published
Products (1)
citrix/program_neighborhood_client
< 9.1
Published
Dec 20, 2005
Tracked Since
Feb 18, 2026