Bugtraq: Re: Citrix ICA Basic Encryption

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Citrix ICA Basic Encryption

From: weld () L0PHT COM (Weld Pond)
Date: Tue, 28 Mar 2000 17:35:31 -0500


On Wed, 29 Mar 2000, Dug Song wrote:

Citrix offers a secure alternative called SecureICA, which uses
Diffie-Hellman for key exchange and RC5 to encrypt the underlying
transport (now at 128-bit strength worldwide). While this is certainly
better than the simple XOR scheme outlined above, it may still be
vulnerable to an active man-in-the-middle attack. Caveat user.


SecureICA is only available for Windows and DOS clients.  Unix, Macintosh,
and Java clients must use the insecure protocol. Due to the nature of the
protocol it cannot be tunnelled through ssh.  A VPN is probably the only
solution for Unix, Macintosh and Java clients.

-weld

By Date By Thread

Current thread:

Security Problems with Linux 2.2.x IP Masquerading, (continued)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Alon Rotem (Mar 26)