English

Calendar Discussions Polls

RSS feeds Subscriptions Contacts

The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service.

Internet threat level: 1

Read us on

Home→Descriptions→SA13246

Citrix MetaFrame Presentation Server Client Debugging Security Issue

Secunia ID	SA13246
Release Date	22 Nov 2004
Last Change	26 Apr 2005
Criticality	Not Critical
Solution Status	Vendor Patch
Software	Citrix ICA Clients 6.x Citrix ICA Clients 7.x Citrix Program Neighborhood Agent 8.x Citrix Program Neighborhood Client 8.x Citrix Web Client 8.x
Where	Local system
Impact	Exposure of sensitive information Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.
Description	A security issue has been reported in Citrix MetaFrame Presentation Server Client, which can be exploited by malicious users to gain knowledge of sensitive information. The problem is that the client includes a debugging feature (disabled by default), which can be used to create a log file of the keyboard scan codes sent during an ICA connection. This can be exploited to gain knowledge of sensitive information (e.g. another user's credentials) by tricking that user into using a client with the debugging feature enabled. The security issue affects version 8.0 and prior of the following Windows clients: * ICA Win32 Web Client * ICA Win32 Program Neighborhood Client * ICA Win32 Program Neighborhood Agent
Solution	Version 8.1 does not include this functionality. http://www.citrix.com/site/SS/downloads/details.asp?dID=2755&downloadID=13336&pID=186
Reported by	The vendor credits the following people: * Andre van der Lingen, Interpay Netherlands. * Robert-Jan Mora, Hoffmann Investigations.
Original Advisory	Citrix: http://support.citrix.com/kb/entry.jspa?entryID=5536&categoryID=149 Hoffmann: http://www.hoffmannbv.nl/forensisch/nieuws/citrixkeyboardlogger.html