exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Citrix Command Center Configuration Disclosure

Citrix Command Center Configuration Disclosure
Posted Mar 20, 2015
Authored by Han Sahin

It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.

tags | exploit, web
SHA-256 | 85d89d3569e65de31b41ef51ec733b7638c8cddd02e54405362cc915a3cf0ba9

Citrix Command Center Configuration Disclosure

Change Mirror Download
------------------------------------------------------------------------
Citrix Command Center allows downloading of configuration files
------------------------------------------------------------------------
Han Sahin, August 2014

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that Citrix Command Center stores configuration files
containing credentials of managed devices within a folder accessible
through the web server. Unauthenticated attackers can download any
configuration file stored in this folder, decode passwords stored in
these files, and gain privileged access to devices managed by Command
Center.

------------------------------------------------------------------------
Tested version
------------------------------------------------------------------------
This issue was discovered in Citrix Command Center 5.1 build 33.3
(including patch CC_SP_5.2_40_1.exe), other versions may also be
vulnerable.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
Citrix reports that this vulnerability is fixed in Command Center 5.2
build 42.7, which can be downloaded from the following location (login
required).
https://www.citrix.com/downloads/command-center/product-software/command-center-52-427.html

Citrix assigned BUG0493933 to this issue.

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20140802/citrix_command_center_allows_downloading_of_configuration_files.html

Configuration files can be downloaded from the conf web folder. Below is an example of a configuration file that can be obtained this way.

https://<target>:8443/conf/securitydbData.xml

This files contains encoded passwords, for example:

<DATA ownername="NULL" password="C70A0eE9os9T2z" username="root"/>

These passwords can be decoded trivially. The algorithm used can be found in the JAR file NmsServerClasses.jar. For example the encoded password C70A0eE9os9T2z decodes to SECURIFY123. The credentials stored in these files can than be used to gain privileged access to devices managed by Command Center.
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close