CVE-2007-6192
published 2007-11-30CVE-2007-6192: The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCPINAN
EPSS
0.70%
48.4th percentile
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | netscaler | — | — |
| citrix | netscaler_adc_gateway | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
CVE-2007-6192: The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, whic
vendor_citrix·2007-11-30·CVSS 4.3
CVE-2007-6192 [MEDIUM] CWE-310 CVE-2007-6192: The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, whic
CVE-2007-6192: The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack.
GHSA
GHSA-5w67-96wr-rq68: The web management interface in Citrix NetScaler 8
ghsa_unreviewed·2022-05-01
CVE-2007-6192 [MEDIUM] GHSA-5w67-96wr-rq68: The web management interface in Citrix NetScaler 8
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://securityreason.com/securityalert/3409http://securitytracker.com/id?1018991http://www.securityfocus.com/archive/1/484182/100/0/threadedhttps://exchange.xforce.ibmcloud.com/vulnerabilities/38646http://securityreason.com/securityalert/3409http://securitytracker.com/id?1018991http://www.securityfocus.com/archive/1/484182/100/0/threadedhttps://exchange.xforce.ibmcloud.com/vulnerabilities/38646
2007-11-30
Published