Vulnerabilities > CVE-2020-13998 - Information Exposure Through Discrepancy vulnerability in Citrix Xenapp 6.5.0.0

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

citrix

CWE-203

NVD

Published: 2020-06-11

Updated: 2024-04-11

Summary

Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Vulnerable Configurations

Part	Description	Count
Application	Citrix Citrix Xenapp 6.5.0.0	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://gist.github.com/kampji/11e259d68ad98a6f0f898132f1961a96