Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Metaframe_password_manager | Citrix | 2.5 (including) | 2.5 (including) |
References
- http://securitytracker.com/id?1018077
- http://support.citrix.com/article/CTX105800
- http://support.citrix.com/kb/entry.jspa?entryID=5970\u0026categoryID=254
- http://support.citrix.com/kb/entry.jspa?externalID=CTX105762
- http://www.securityfocus.com/bid/24041
- http://securitytracker.com/id?1018077
- http://support.citrix.com/article/CTX105800
- http://support.citrix.com/kb/entry.jspa?entryID=5970\u0026categoryID=254
- http://support.citrix.com/kb/entry.jspa?externalID=CTX105762
- http://www.securityfocus.com/bid/24041