[14441] in bugtraq
Citrix ICA Basic Encryption
daemon@ATHENA.MIT.EDU (Dug Song)
Wed Mar 29 12:33:17 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSO.4.20.0003290949280.2640-100000@naughty.monkey.org>
Date: Wed, 29 Mar 2000 09:59:55 -0500
Reply-To: Dug Song <dugsong@MONKEY.ORG>
From: Dug Song <dugsong@MONKEY.ORG>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
The ICA (Independent Computing Architecture) protocol used in various
Citrix products (Winframe, Metaframe) relies on a trivially cracked
encryption scheme to protect user authentication.
The ICA basic encryption algorithm is a variant of the simple XOR
scheme used for saved Winframe passwords:
void decrypt(u_char key, u_char *p, int len)
{
int i;
for (i = len; i > 0; i--)
p[i] = p[i-1] ^ p[i] ^ key;
p[0] ^= (key | 'C');
}
Demonstration code to decrypt Winframe passwords stored in appsrv.ini:
http://www.monkey.org/~dugsong/icadecrypt.c.txt
Demonstration code to sniff (and decrypt) ICA network authentication:
http://www.monkey.org/~dugsong/dsniff/
Citrix offers a secure alternative called SecureICA, which uses
Diffie-Hellman for key exchange and RC5 to encrypt the underlying
transport (now at 128-bit strength worldwide). While this is certainly
better than the simple XOR scheme outlined above, it may still be
vulnerable to an active man-in-the-middle attack. Caveat user.
http://www.citrix.com/products/sica/
Thanks to Jeremie Kass <jeremie@monkey.org> for providing me with ICA
traffic traces, and to Niels Provos <provos@monkey.org> for sifting thru
hexdumps with me. :-)
-d.
---
http://www.monkey.org/~dugsong/
