Full title: Citrix Command Center - Credential Disclosure Vulnerability 
Category: web applications
Platform: php
It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.

# 0day.today @ http://0day.today/