CVE-2015-2682

Citrix Command Center <5.1-5.2 - Info Disclosure

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2682. PoCs published by Han Sahin.

AI-analyzed exploit summary: This writeup describes an information leak vulnerability in Citrix Command Center where unauthenticated attackers can download configuration files containing encoded credentials. The passwords can be trivially decoded, allowing privileged access to managed devices.

Description

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.

Exploits (1)

exploitdb WRITEUP
by Han Sahin · text · webapps · xml
https://www.exploit-db.com/exploits/36441

Classification: Writeup (100%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Citrix Command Center 5.1 build 33.3 (and possibly others)
No auth needed
Prerequisites: Network access to the Citrix Command Center web interface
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Mar/126
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36441/
Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX200584
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031993
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/73309

Scores

EPSS 0.1079
EPSS Percentile 95.3%

Details

CWE: CWE-17
Status: published
Products (2):
citrix/command_center 5.1
citrix/command_center 5.2
Published: Mar 26, 2015
Tracked Since: Feb 18, 2026