Citrix ICA SSO saved credentials in XOR obfuscated readable storage

The Citrix ICA application stores user credentials for its SingleSignOn SSO functionality in readable form using XOR obfuscation with the key „C“, as Benjam Delpy wrote: https://twitter.com/gentilkiwi/status/1570525137962930176

Mimikatz version 3 will be able to reveal this as shown in the following GIF with Windows 11 and Credential Guard enabled: https://video.twimg.com/tweet_video/Fcudz49XoAAfNHO.mp4


Video in higher quality


at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

GitLab add role to project member - e.g. from Developer to Maintaner role

GitLab introduced roles. Sometimes in e.g. protected branches or similar events you have to have the Maintaner role, not only the Developer ...