CVE-2004-1902 — Citrix Metaframe Password Manager vulnerability

3 documents3 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 74.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Metaframe Password Manager

Timeline

PublishedDec 31

Latest updateApr 29

Description

The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDcitrix/metaframe_password_manager2.0

Patches

Patch: secunia.com ↗Patch: support.citrix.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-qm6f-p4vv-g3v5: The Citrix MetaFrame Password Manager 2↗2022-04-29

▶

📋Vendor Advisories

Citrix

CVE-2004-1902: The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after exe↗2004-12-31

▶