[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Citrix Linux client logs session credentials

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Citrix Linux client logs session credentials
From: Russell Howe <russellghowe@xxxxxxxxx>
Date: Sat, 14 Jan 2023 21:02:36 +0000

The Citrix Linux client emits its session credentials when starting a
Citrix session. These credentials end up being recorded in the client's
system log.

Citrix do not consider this to be a security vulnerability.

Writeup here:
https://github.com/rhowe/disclosures/tree/main/citrix-linux-client-cred-leak

Write
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Prev by Date: [FD] [KIS-2023-04] Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP Object Injection Vulnerability
Next by Date: [FD] wolfSSL before 5.5.0: Denial-of-service with session resumption
Previous by thread: [FD] [KIS-2023-04] Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP Object Injection Vulnerability
Next by thread: [FD] wolfSSL before 5.5.0: Denial-of-service with session resumption
Index(es):
- Date
- Thread