Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Citrix ICA Basic Encryption
From: weld () L0PHT COM (Weld Pond)
Date: Tue, 28 Mar 2000 17:35:31 -0500


On Wed, 29 Mar 2000, Dug Song wrote:

Citrix offers a secure alternative called SecureICA, which uses
Diffie-Hellman for key exchange and RC5 to encrypt the underlying
transport (now at 128-bit strength worldwide). While this is certainly
better than the simple XOR scheme outlined above, it may still be
vulnerable to an active man-in-the-middle attack. Caveat user.

SecureICA is only available for Windows and DOS clients.  Unix, Macintosh,
and Java clients must use the insecure protocol. Due to the nature of the
protocol it cannot be tunnelled through ssh.  A VPN is probably the only
solution for Unix, Macintosh and Java clients.

-weld


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]