Penetration Testing mailing list archives
Re: [PEN-TEST] Citrix
From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Mon, 9 Oct 2000 13:48:34 -0700
The most I've done with it is play with the "remember password" feaure on the client. For old Citrix clients and MSTerminal clients, it was "encrypted" by XORing it with a fixed string. The feature shouldn't be there, it can't be done securely. If you can get control of a client with a stored password, there ya go. Ryan On Mon, 9 Oct 2000, Beauregard, Claude Q wrote:
Has anyone done any penetration regarding Citrix and Internet access as provided by the Citrix servers to internal network resources. Even though they are now using 128bit encryption for the client the hole in the firewall is there waiting to be exploited.
Current thread:
- [PEN-TEST] Citrix Beauregard, Claude Q (Oct 09)
- Re: [PEN-TEST] Citrix van der Kooij, Hugo (Oct 10)
- Re: [PEN-TEST] Citrix Peter Van Epp (Oct 10)
- Re: [PEN-TEST] Citrix Ryan Russell (Oct 10)
- Re: [PEN-TEST] Citrix Christopher Winter (Oct 10)
- <Possible follow-ups>
- Re: [PEN-TEST] Citrix Beauregard, Claude Q (Oct 10)
- Re: [PEN-TEST] Citrix van der Kooij, Hugo (Oct 10)
- Re: [PEN-TEST] Citrix van der Kooij, Hugo (Oct 10)