kampji/CVE-2020-13998.txt

## CVE-2020-13998.txt
Vulnerability Name: User Enumeration in Citrix XenApp 6.5
Registered: CVE-2020-13998

Discoverers:
Scott Goodwin, OSCP
Jill Kamperides
OCD Tech
https://ocd-tech.com

Vendor of Product:
Citrix

Affected Product Code Base:
XenApp - Version 6.5

Attack Type:
Remote

Vulnerability Type:
User Enumeration

Vulnerability Impact:
Information Disclosure

Attack Vector:
To exploit this vulnerability, an attacker can use brute force methods
to determine whether or not a list of users exists on the affected
server by monitoring the HTTP responses returned by the server; the
HTTP responses differ substantially between valid and invalid users.

Description:
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA
is enabled, allows a remote unauthenticated attacker to ascertain
whether a user exists on the server, because the 2FA error page only
occurs after a valid username is entered.

Additional Information:
Two-factor authentication must be enabled in Citrix XenApp 6.5 for
this vulnerability to be exploited. When a valid user is entered into
the login page (with an invalid password), the server returns a
two-factor authentication error page. When a nonexistent user is entered,
the page does not change. Users on the server can be enumerated with
complete confidence by monitoring which users trigger the two-factor
authentication error page, and which do not.

This vulnerability was disclosed to Citrix on 04/30/2020. Citrix
responded that XenApp version 6.5 has reached its End of Life (EOL)
and will not be receiving a patch. Users are recommended to upgrade
to resolve this vulnerability.

Reporting Timeline:
04/30/2020: Vulnerability was reported to Citrix
05/22/2020: Citrix deems XenApp 6.5 End of Life
06/09/2020: Vulnerability registered
06/10/2020: Public disclosure

Reference:
https://ocd-tech.com
	Vulnerability Name: User Enumeration in Citrix XenApp 6.5
	Registered: CVE-2020-13998

	Discoverers:
	Scott Goodwin, OSCP
	Jill Kamperides
	OCD Tech
	https://ocd-tech.com

	Vendor of Product:
	Citrix

	Affected Product Code Base:
	XenApp - Version 6.5

	Attack Type:
	Remote

	Vulnerability Type:
	User Enumeration

	Vulnerability Impact:
	Information Disclosure

	Attack Vector:
	To exploit this vulnerability, an attacker can use brute force methods
	to determine whether or not a list of users exists on the affected
	server by monitoring the HTTP responses returned by the server; the
	HTTP responses differ substantially between valid and invalid users.

	Description:
	VERSION NOT SUPPORTED WHEN ASSIGNED Citrix XenApp 6.5, when 2FA
	is enabled, allows a remote unauthenticated attacker to ascertain
	whether a user exists on the server, because the 2FA error page only
	occurs after a valid username is entered.

	Additional Information:
	Two-factor authentication must be enabled in Citrix XenApp 6.5 for
	this vulnerability to be exploited. When a valid user is entered into
	the login page (with an invalid password), the server returns a
	two-factor authentication error page. When a nonexistent user is entered,
	the page does not change. Users on the server can be enumerated with
	complete confidence by monitoring which users trigger the two-factor
	authentication error page, and which do not.

	This vulnerability was disclosed to Citrix on 04/30/2020. Citrix
	responded that XenApp version 6.5 has reached its End of Life (EOL)
	and will not be receiving a patch. Users are recommended to upgrade
	to resolve this vulnerability.

	Reporting Timeline:
	04/30/2020: Vulnerability was reported to Citrix
	05/22/2020: Citrix deems XenApp 6.5 End of Life
	06/09/2020: Vulnerability registered
	06/10/2020: Public disclosure

	Reference:
	https://ocd-tech.com