• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Citrix MetaFrame Password Manager Information Disclosure Vulnerability

Citrix MetaFrame Password Manager is prone to an information-disclosure vulnerability.

Users can exploit this issue to view their own secondary passwords, regardless of administrative policies that may not allow it.

Successful exploits will allow an attacker to access currently logged-in account passwords that are managed by the affected software. This will allow attackers to later access applications and services in a manner that is not authorized by administration.

Citrix MetaFrame Password Manager 2.5 and prior versions are vulnerable.