CVE-2005-4412 — Citrix Program Neighborhood Client vulnerability

4 documents3 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 75.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Program Neighborhood Client Citrix ADM Citrix Hypervisor +5 more

Timeline

PublishedDec 20

Latest updateMay 1

Description

Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages8 packages

▶NVDcitrix/program_neighborhood_client9.1

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

▶citrixcitrix/netscaler_adc

▶citrixcitrix/citrix_hypervisor

🔴Vulnerability Details

GHSA

GHSA-4rx4-97jg-645p: Citrix Program Neighborhood client before 9↗2022-05-01

▶

📋Vendor Advisories

Citrix

CVE-2005-4412: Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the pa↗2005-12-20

▶

Citrix

Citrix Security Bulletin CTX108108↗

▶