Penetration Testing
mailing list archives
Re: [PEN-TEST] Citrix
From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Mon, 9 Oct 2000 13:48:34 -0700
The most I've done with it is play with the "remember password" feature on
the client. For old Citrix clients and MSTerminal clients, it was
"encrypted" by XORing it with a fixed string. The feature shouldn't be
there; it can't be done securely. If you can get control of a client with
a stored password, there ya go.
Ryan
On Mon, 9 Oct 2000, Beauregard, Claude Q wrote:
Has anyone done any penetration regarding Citrix and Internet access as
provided by the Citrix servers to internal network resources? Even though
they are now using 128-bit encryption for the client, the hole in the firewall
is there waiting to be exploited.
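
An added example, not part of the original post or any vendor's code: a check an auditor can run on a lab client to confirm whether saved passwords are stored by XOR with a fixed string, as the reply above describes. The key string, function names and test passwords are constructed assumptions.

```python
from itertools import cycle

# Constructed stand-in for a client's hard-coded obfuscation string
# (an assumption for this demo, not the string used by any real client).
DEMO_FIXED_STRING = b"constructed-demo-key"


def obfuscate(password: bytes, fixed: bytes = DEMO_FIXED_STRING) -> bytes:
    """Model of the scheme in the post: XOR the password with a fixed string."""
    return bytes(p ^ k for p, k in zip(password, cycle(fixed)))


def keystream(password: bytes, stored: bytes) -> bytes:
    """XOR of a known test password with its stored form gives the key bytes."""
    return bytes(p ^ s for p, s in zip(password, stored))


def is_fixed_xor(samples) -> bool:
    """True if all (test_password, stored_blob) pairs share one keystream,
    meaning the store is fixed-string XOR rather than encryption."""
    if len(samples) < 2:          # one pair always "fits"; need a comparison
        return False
    streams = []
    for password, stored in samples:
        if len(password) != len(stored):  # real ciphers add IV/padding/MAC
            return False
        streams.append(keystream(password, stored))
    longest = max(streams, key=len)
    # Every shorter keystream must be a prefix of the longest one.
    return all(longest.startswith(s) for s in streams)


def audit(samples) -> str:
    """Turn the check into a finding for the assessment report."""
    if is_fixed_xor(samples):
        return "FAIL: reversible fixed-string XOR, disable password saving"
    return "no fixed-XOR pattern found"


# Constructed test-account passwords set by the auditor on a lab client.
TEST_PASSWORDS = [b"Audit-Test-1", b"another-lab-password", b"x"]
XOR_STORE = [(p, obfuscate(p)) for p in TEST_PASSWORDS]

if __name__ == "__main__":
    print(audit(XOR_STORE))
```

A FAIL result means anyone who can read the stored blob can recover the password, so the mitigation is to turn the save-password feature off rather than to change the key.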