CVE-2005-0822 — Citrix Metaframe Password Manager vulnerability

5 documents3 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 71.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Metaframe Password Manager Citrix ADM Citrix Hypervisor +5 more

Timeline

PublishedMay 2

Latest updateMay 1

Description

Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages8 packages

▶NVDcitrix/metaframe_password_manager2.5

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

▶citrixcitrix/netscaler_adc

▶citrixcitrix/citrix_hypervisor

Patches

Patch: support.citrix.com ↗Patch: support.citrix.com ↗

🔴Vulnerability Details

GHSA

GHSA-92g2-52fc-gp84: Citrix Metaframe Password Manager 2↗2022-05-01

▶

📋Vendor Advisories

Citrix

CVE-2005-0822: Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows user↗2005-05-02

▶

Citrix

Citrix Security Bulletin CTX105762↗

▶

Citrix

MetaFrame Password Manager "reveal password" policy bypass↗

▶