Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

Citrix NetScaler weak cryptography
Published: 26.11.2007
Source: BUGTRAQ
SecurityVulns ID: 8379
Type: remote
Level: 5/10
Description: Username/password are stored as a part of cookie with encryption (XORing with reused key), making it's possible to discover parts of the password.

Affected: CITRIX : NetScaler 8.0
CVE: CVE-2007-6037 (Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.)

Original document nnposter_(at)_disclosed.not, Citrix NetScaler Web Management Cookie Weakness (26.11.2007)

Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)