Vulnerability Description
The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Metaframe Password Manager | 2.0 |
References
- http://marc.info/?l=bugtraq&m=108127948610311&w=2
- http://secunia.com/advisories/11293Patch
- http://securitytracker.com/id?1009659
- http://support.citrix.com/kb/entry.jspa?entryID=4062&categoryID=256PatchVendor Advisory
- http://www.osvdb.org/4942
- http://www.securityfocus.com/bid/10049Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15737
- http://marc.info/?l=bugtraq&m=108127948610311&w=2
- http://secunia.com/advisories/11293Patch
- http://securitytracker.com/id?1009659
- http://support.citrix.com/kb/entry.jspa?entryID=4062&categoryID=256PatchVendor Advisory
- http://www.osvdb.org/4942
- http://www.securityfocus.com/bid/10049Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15737
FAQ
What is CVE-2004-1902?
CVE-2004-1902 is a vulnerability with a CVSS score of 2.1 (LOW). The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows l...
How severe is CVE-2004-1902?
CVE-2004-1902 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1902?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Metaframe Password Manager.