[14446] in bugtraq


Re: Citrix ICA Basic Encryption

daemon@ATHENA.MIT.EDU (Weld Pond)
Wed Mar 29 18:50:13 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.BSO.4.21.0003281725160.18031-100000@0nus.l0pht.com>
Date:         Tue, 28 Mar 2000 17:35:31 -0500
Reply-To: Weld Pond <weld@L0PHT.COM>
From: Weld Pond <weld@L0PHT.COM>
X-To:         Dug Song <dugsong@MONKEY.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.BSO.4.20.0003290949280.2640-100000@naughty.monkey.org>

On Wed, 29 Mar 2000, Dug Song wrote:

> Citrix offers a secure alternative called SecureICA, which uses
> Diffie-Hellman for key exchange and RC5 to encrypt the underlying
> transport (now at 128-bit strength worldwide). While this is certainly
> better than the simple XOR scheme outlined above, it may still be
> vulnerable to an active man-in-the-middle attack. Caveat user.

SecureICA is only available for Windows and DOS clients.  Unix, Macintosh,
and Java clients must use the insecure protocol. Due to the nature of the
protocol it cannot be tunnelled through ssh.  A VPN is probably the only
solution for Unix, Macintosh and Java clients.

-weld
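The caveat in the quoted paragraph, that a Diffie-Hellman based transport "may still be vulnerable to an active man-in-the-middle attack", comes down to whether the exchanged public values are authenticated. The following Python is an added illustration and is not from the post, nor Citrix's SecureICA code: the post does not say how SecureICA authenticates its exchange, so the HMAC over a pre-shared key used below is an assumed stand-in for whatever authentication a real deployment provides. Group parameters are toy-sized and the private exponents are fixed constants so the run is reproducible.

```python
"""Toy Diffie-Hellman: unauthenticated vs. authenticated exchange.

Added illustration, not SecureICA. Shows (1) an honest exchange agreeing on
a key, (2) an active interposer that ends up sharing a key with each side
while the two endpoints no longer share one, and (3) an authentication tag
over the exchanged values that lets the client detect the substitution.
"""
import hashlib
import hmac

# Toy group (constructed): P is the Mersenne prime 2**127 - 1, far too small
# for real use; a real deployment would use a standard large MODP group.
P = (1 << 127) - 1
G = 7
BYTES = 16  # every value is < 2**127, so 16 bytes always suffices


def dh_public(priv):
    """Public value g^priv mod p."""
    return pow(G, priv, P)


def dh_shared(peer_pub, priv):
    """Shared secret peer_pub^priv mod p."""
    return pow(peer_pub, priv, P)


def derive_key(shared):
    """Hash the shared secret down to a fixed-size session key."""
    return hashlib.sha256(shared.to_bytes(BYTES, "big")).digest()


def honest_exchange(a_priv, b_priv):
    """Client (a) and server (b) exchange directly; returns True if keys match."""
    a_pub, b_pub = dh_public(a_priv), dh_public(b_priv)
    key_a = derive_key(dh_shared(b_pub, a_priv))
    key_b = derive_key(dh_shared(a_pub, b_priv))
    return key_a == key_b


def interposed_exchange(a_priv, b_priv, m_priv):
    """An active interposer (m) replaces each side's public value with its own.

    Nothing in an unauthenticated exchange lets either endpoint notice this.
    """
    a_pub, b_pub, m_pub = dh_public(a_priv), dh_public(b_priv), dh_public(m_priv)
    key_a = derive_key(dh_shared(m_pub, a_priv))      # client thinks m_pub is the server
    key_b = derive_key(dh_shared(m_pub, b_priv))      # server thinks m_pub is the client
    key_m_with_a = derive_key(dh_shared(a_pub, m_priv))
    key_m_with_b = derive_key(dh_shared(b_pub, m_priv))
    return {
        "endpoints_agree": key_a == key_b,
        "interposer_has_client_key": key_m_with_a == key_a,
        "interposer_has_server_key": key_m_with_b == key_b,
    }


def auth_tag(psk, client_pub, server_pub):
    """Assumed authenticator: HMAC over both public values under a pre-shared key."""
    msg = client_pub.to_bytes(BYTES, "big") + server_pub.to_bytes(BYTES, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()


def authenticated_exchange(a_priv, b_priv, psk, m_priv=None):
    """Server tags the public values it saw; client verifies against the values it saw.

    Returns True if the client accepts. With an interposer present the two
    views of the transcript differ, and the interposer cannot recompute the
    tag without the pre-shared key, so the client rejects.
    """
    a_pub, b_pub = dh_public(a_priv), dh_public(b_priv)
    if m_priv is None:
        client_sees_server, server_sees_client = b_pub, a_pub
    else:
        m_pub = dh_public(m_priv)
        client_sees_server, server_sees_client = m_pub, m_pub
    tag_from_server = auth_tag(psk, server_sees_client, b_pub)
    tag_expected = auth_tag(psk, a_pub, client_sees_server)
    return hmac.compare_digest(tag_from_server, tag_expected)


if __name__ == "__main__":
    # Fixed toy private exponents (constructed values for a reproducible run).
    A_PRIV, B_PRIV, M_PRIV = 123456789, 987654321, 555555555
    PSK = b"constructed pre-shared key"
    print("honest exchange agrees:", honest_exchange(A_PRIV, B_PRIV))
    print("interposed exchange:", interposed_exchange(A_PRIV, B_PRIV, M_PRIV))
    print("authenticated, no interposer:", authenticated_exchange(A_PRIV, B_PRIV, PSK))
    print("authenticated, interposer:", authenticated_exchange(A_PRIV, B_PRIV, PSK, M_PRIV))
```

The key-exchange arithmetic is the same in all three scenarios; only the authentication step separates the case where an interposer goes unnoticed from the case where the client can refuse to proceed. Any channel that verifies the peer's public value out of band (a pinned fingerprint, a certificate, or a pre-shared key as assumed here) serves the same purpose.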
