[THIN] Re: FW: [CitrixCanada] ICA file from Nfuse-CSG
- From: "Mack, Rick" <RMack@xxxxxxxxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Sat, 2 Nov 2002 09:02:33 +1100
Hi,
That isn't a password. The token handles the user authentication side of
things, and is time-stamped. There isn't enough info in the .ica file to let
you do any more than launch a DOS attack against the CSG server.
Regards,
Rick
Ulrich Mack
rmack@xxxxxxxxxxxxxx
Volante Systems
18 Heussler Terrace, Milton 4064
Queensland Australia
tel +61 7 32467704
-----Original Message-----
From: Selinger, Stephen [mailto:SSelinger@xxxxxxxxxxxxxx]
Sent: Saturday, 2 November 2002 1:15 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] FW: [CitrixCanada] ICA file from Nfuse-CSG
I was hoping that someone on this list would have an answer to this question
that I could forward to the Canadian list.
Thanks!
-----Original Message-----
From: Emerson Chi [mailto:EChi@xxxxxxxx]
Sent: November 1, 2002 3:15 AM
To: CitrixCanada@xxxxxxxxxxxxxxx; 'michael.burnett@xxxxxxxxxx'
Subject: [CitrixCanada] ICA file from Nfuse-CSG
I noticed that the ICA file sent by the NFuse server (in a CSG deployment)
contains the ticket, CSG gateway DNS name and encrypted NT domain and
password. If an intruder taps in to the SSL stream and able to crack the NT
domain and password, wouldn't they be able to use it and log in as the user
regardless of the ticket? All they really need is the user name, password
and domain to log in. How true is this and how can it be deemed safe and
secure?
Thanks
Emerson
Yahoo! Groups Sponsor
ADVERTISEMENT
<http://rd.yahoo.com/M=237459.2482214.3917349.2146399/D=egroupweb/S=17072819
14:HM/A=1267611/R=0/*http://ad.doubleclick.net/jump/N2524.Yahoo/B1071650;sz=
300x250;ord=1036156880111335?>
<http://us.adserver.yahoo.com/l?M=237459.2482214.3917349.2146399/D=egroupmai
l/S=:HM/A=1267611/rand=189333636>
To unsubscribe from this group, send an email to:
CitrixCanada-unsubscribe@xxxxxxxxxxxxxxx
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> .
***********************************************
Visit Jim Kenzig of thethin.net at the
Emergent Online Booth #26 at Citrix Iforum 2002!
Register now at:
http://www.citrixiforum.com/registerNow.html
***********************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
**********************************************************************
This email may be confidential and/or privileged. Only the intended
recipient may access or use it. Any dissemination, distribution or
copying of this email is strictly prohibited. If you are not the
intended recipient please notify us immediately by return email and
then erase the email.
We use virus scanning software but exclude all liability for viruses
or similar in any attachment or message...,..,..,.
**********************************************************************
***********************************************
Visit Jim Kenzig of thethin.net at the
Emergent Online Booth #26 at Citrix Iforum 2002!
Register now at:
http://www.citrixiforum.com/registerNow.html
***********************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
Other related posts:
