Citrix ICA SSO saved credentials in XOR obfuscated readable storage

The Citrix ICA application stores user credentials for its SingleSignOn SSO functionality in readable form using XOR obfuscation with the key „C“, as Benjam Delpy wrote: https://twitter.com/gentilkiwi/status/1570525137962930176

Mimikatz version 3 will be able to reveal this as shown in the following GIF with Windows 11 and Credential Guard enabled: https://video.twimg.com/tweet_video/Fcudz49XoAAfNHO.mp4


Video in higher quality


at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Nextcloud v31 on Ubuntu 22.04 - update php v8.1 to v8.4

If you are running HanssonIT Nextcloud VM with Ubuntu 22.04 and your Nextcloud has version 31 and you want to update to version 32, you are ...