NetScaler Web Management Interface Cookie Credentials Encryption Weakness

This script is Copyright (c) 2007-2014 nnposter


Synopsis :

The remote web server is prone to an information disclosure attack.

Description :

The version of the Citrix NetScaler web management interface on the
remote host protects HTTP cookie content with weak encryption:
sensitive values, including the username and password, are XORed
with a fixed key stream.
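
Added example, not part of the original plugin or the referenced advisory: a check that flags a cookie-encoding routine that XORs its input with a reused key stream, shown next to a design that keeps the value server-side. The key stream bytes, probe strings and function names are constructed for illustration; the appliance's real key stream and cookie layout are not given on this page.

```python
import secrets
from itertools import cycle

# Constructed stand-in key stream (assumption); not the appliance's real value.
FIXED_KEYSTREAM = bytes.fromhex("5a13c47e9b2d60f1a8")

SESSIONS = {}  # server-side store used by the hardened design


def xor_bytes(a, b):
    """XOR two byte sequences, stopping at the end of the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def weak_cookie_value(value: str) -> bytes:
    """Weak design: every value in every session gets the same key stream."""
    return xor_bytes(value.encode(), cycle(FIXED_KEYSTREAM))


def opaque_cookie_value(value: str) -> bytes:
    """Hardened design: the cookie is a random token; the value never leaves
    the server, so nothing derived from it reaches the browser."""
    token = secrets.token_bytes(32)
    SESSIONS[token] = value
    return token


def leaks_fixed_keystream(encode,
                          probe_a="probe-user-aaaa",
                          probe_b="probe-user-bbbb") -> bool:
    """Return True when encode() behaves like XOR with a reused key stream.

    For such a scheme the output keeps the input length and
    plaintext XOR ciphertext is the same key stream for every input,
    so a single known value exposes every other protected value.
    """
    ca, cb = encode(probe_a), encode(probe_b)
    pa, pb = probe_a.encode(), probe_b.encode()
    same_stream = xor_bytes(pa, ca) == xor_bytes(pb, cb)
    return len(ca) == len(pa) and same_stream
```

The check passes any callable that maps a string to bytes, so it can be pointed at a test harness around a real encoder during review.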

See also :

http://www.securityfocus.com/archive/1/484182/100/0/threaded

Solution :

Do not stay logged into the NetScaler web management interface while
browsing other websites.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Family: Web Servers

Nessus Plugin ID: 29220

Bugtraq ID:

CVE ID: CVE-2007-6192
