[23951] in bugtraq
RE: Citrix NFuse 1.6
daemon@ATHENA.MIT.EDU (Jeff Mills)
Tue Jan 22 17:34:59 2002
Message-ID: <C964D4D4A1A0D311A24D00508B553402C3DE33@POCS_EXCH>
From: Jeff Mills <Jeff.Mills@pocoldlogistics.com>
To: bugtraq@securityfocus.com
Date: Wed, 23 Jan 2002 08:43:11 +1100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Tom and all,
I could not reproduce this problem.
My NFuse 1.6 server seems to redirect to the login page if I try to connect
directly to applist.asp.
Cheers,
Jeff Mills
-----Original Message-----
From: Tom.Lyne@kamino.com [mailto:Tom.Lyne@kamino.com]
Sent: Wednesday, 23 January 2002 2:58
To: bugtraq@securityfocus.com
Subject: Citrix NFuse 1.6
Dear Reader,
It seems if you go to an NFuse servers 'applist.asp' page without
first authenticating it reveals a list of all the applications that are
configured as published applications. Seems like an easily preventable
information leak from a default setup,
Rgds,
Tom Lyne
