Created: June 10, 2020 20:06
Vulnerability Name: User Enumeration in Citrix XenApp 6.5
Registered: CVE-2020-13998
Discoverers:
Scott Goodwin, OSCP
Jill Kamperides
OCD Tech
https://ocd-tech.com
Vendor of Product:
Citrix
Affected Product Code Base:
XenApp - Version 6.5
Attack Type:
Remote
Vulnerability Type:
User Enumeration
Vulnerability Impact:
Information Disclosure
Attack Vector:
To exploit this vulnerability, an attacker can use brute force methods
to determine whether or not a list of users exists on the affected
server by monitoring the HTTP responses returned by the server; the
HTTP responses differ substantially between valid and invalid users.
Description:
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA
is enabled, allows a remote unauthenticated attacker to ascertain
whether a user exists on the server, because the 2FA error page only
occurs after a valid username is entered.
Additional Information:
Two-factor authentication must be enabled in Citrix XenApp 6.5 for
this vulnerability to be exploited. When a valid user is entered into
the login page (with an invalid password), the server returns a
two-factor authentication error page. When a nonexistent user is entered,
the page does not change. Users on the server can be enumerated with
complete confidence by monitoring which users trigger the two-factor
authentication error page, and which do not.
This vulnerability was disclosed to Citrix on 04/30/2020. Citrix
responded that XenApp version 6.5 has reached its End of Life (EOL)
and will not be receiving a patch. Users are recommended to upgrade
to resolve this vulnerability.
Reporting Timeline:
04/30/2020: Vulnerability was reported to Citrix
05/22/2020: Citrix deems XenApp 6.5 End of Life
06/09/2020: Vulnerability registered
06/10/2020: Public disclosure
Reference:
https://ocd-tech.com