Computer Security


Citrix NetScaler weak cryptography
Published: 26.11.2007
Source:
SecurityVulns ID: 8379
Type: remote
Threat Level: 5/10
Description: The username and password are stored as part of a cookie, encrypted by XORing with a reused key, which makes it possible to discover parts of the password.
Affected: CITRIX : NetScaler 8.0
CVE: CVE-2007-6037 (Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.)
Original document: nnposter_(at)_disclosed.not, Citrix NetScaler Web Management Cookie Weakness (26.11.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod