CVE-2005-4412 : Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are use

Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field.

Published 2005-12-20 11:03:00

Updated 2008-09-05 20:56:49

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2005-4412

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 7 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-4412

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2005-4412

http://support.citrix.com/article/CTX108108

Exploit;Vendor Advisory
http://securitytracker.com/id?1015372

Exploit

Products affected by CVE-2005-4412

Citrix » Program Neighborhood Client
Versions up to, including, (<=) 9.1
cpe:2.3:a:citrix:program_neighborhood_client:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-4412

Exploit prediction scoring system (EPSS) score for CVE-2005-4412

CVSS scores for CVE-2005-4412

References for CVE-2005-4412

Products affected by CVE-2005-4412