How to Buy
This script is Copyright (C) 2002-2014 John Lampe...email@example.com
A Citrix server is running on this machine.
Citrix servers allow a Windows user to remotely obtain a graphical
login (and therefore act as a local user on the remote host).
NOTE: by default the Citrix Server application utilizes a weak 40 bit
obfuscation algorithm (not even a true encryption). If the default
settings have not been changed, there are tools that can be used to
passively discover userIDs and passwords as they traverse a network.
If this server is located within your DMZ, the risk is substantially
higher, as Citrix necessarily requires access into the internal
network for applications like SMB browsing, file sharing, email
If an attacker gains a valid login and password, this service could be
used to gain further access on the remote host or remote network. This
protocol has also been shown to be vulnerable to a man-in-the-middle
See also :
Make sure that the server is configured to utilize strong encryption.
Risk factor :
Family: Service detection
Nessus Plugin ID: 10942 (citrix_find.nasl)
Bugtraq ID: 7276
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.