Citrix ICA SSO saved credentials in XOR obfuscated readable storage

The Citrix ICA application stores user credentials for its SingleSignOn SSO functionality in readable form using XOR obfuscation with the key „C“, as Benjam Delpy wrote: https://twitter.com/gentilkiwi/status/1570525137962930176

Mimikatz version 3 will be able to reveal this as shown in the following GIF with Windows 11 and Credential Guard enabled: https://video.twimg.com/tweet_video/Fcudz49XoAAfNHO.mp4


Video in higher quality


at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Nextron Aurora EDR agent shows \Pr Error

Problem During start of Nextrons Aurora EDR lite agent the programm shows the following error message: PS C:\Program Files\Aurora-Agent...