Citrix Linux client logs session credentials

Read Time:17 Second

Posted by Russell Howe on Jan 16

The Citrix Linux client emits its session credentials when starting a
Citrix session. These credentials end up being recorded in the client’s
system log.

Citrix do not consider this to be a security vulnerability.

Writeup here:
https://github.com/rhowe/disclosures/tree/main/citrix-linux-client-cred-leak

Write

stb-0-0.50.20241002git31707d1.el8

FEDORA-EPEL-2025-f5725d94b3 Packages in this update: stb-0-0.50.20241002git31707d1.el8 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...

January 11, 2025

USN-7169-5: Linux kernel (Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

January 10, 2025

stb-0^20241002git31707d1-4.el9

FEDORA-EPEL-2025-75d8605b8c Packages in this update: stb-0^20241002git31707d1-4.el9 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...

January 10, 2025

stb-0^20241002git31707d1-5.el10_0

FEDORA-EPEL-2025-93a1152ae1 Packages in this update: stb-0^20241002git31707d1-5.el10_0 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...

January 10, 2025

stb-0^20241002git31707d1-4.fc40

FEDORA-2025-49e8952aab Packages in this update: stb-0^20241002git31707d1-4.fc40 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...

January 10, 2025

ZDI-25-026: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability

This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Mintty. User interaction is required to exploit...

January 10, 2025

Friday Squid Blogging: Cotton-and-Squid-Bone Sponge

Apps That Are Spying on Your Location

Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer

Slovakia Hit by Historic Cyber-Attack on Land Registry

Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you

Medusind Breach Exposes Sensitive Patient Data

Fake PoC Exploit Targets Security Researchers with Infostealer

Smashing Security podcast #399: Honey in hot water, and reset your devices

Space Bears ransomware: what you need to know

Citrix Linux client logs session credentials

stb-0-0.50.20241002git31707d1.el8

USN-7169-5: Linux kernel (Real-time) vulnerabilities

stb-0^20241002git31707d1-4.el9

stb-0^20241002git31707d1-5.el10_0

stb-0^20241002git31707d1-4.fc40

ZDI-25-026: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability