Hi, That isn't a password. The token handles the user authentication side of things, and is time-stamped. There isn't enough info in the .ica file to let you do any more than launch a DOS attack against the CSG server. Regards, Rick Ulrich Mack rmack@xxxxxxxxxxxxxx Volante Systems 18 Heussler Terrace, Milton 4064 Queensland Australia tel +61 7 32467704 -----Original Message----- From: Selinger, Stephen [mailto:SSelinger@xxxxxxxxxxxxxx] Sent: Saturday, 2 November 2002 1:15 AM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] FW: [CitrixCanada] ICA file from Nfuse-CSG I was hoping that someone on this list would have an answer to this question that I could forward to the Canadian list. Thanks! -----Original Message----- From: Emerson Chi [mailto:EChi@xxxxxxxx] Sent: November 1, 2002 3:15 AM To: CitrixCanada@xxxxxxxxxxxxxxx; 'michael.burnett@xxxxxxxxxx' Subject: [CitrixCanada] ICA file from Nfuse-CSG I noticed that the ICA file sent by the NFuse server (in a CSG deployment) contains the ticket, CSG gateway DNS name and encrypted NT domain and password. If an intruder taps in to the SSL stream and able to crack the NT domain and password, wouldn't they be able to use it and log in as the user regardless of the ticket? All they really need is the user name, password and domain to log in. How true is this and how can it be deemed safe and secure? Thanks Emerson Yahoo! Groups Sponsor ADVERTISEMENT <http://rd.yahoo.com/M=237459.2482214.3917349.2146399/D=egroupweb/S=17072819 14:HM/A=1267611/R=0/*http://ad.doubleclick.net/jump/N2524.Yahoo/B1071650;sz= 300x250;ord=1036156880111335?> <http://us.adserver.yahoo.com/l?M=237459.2482214.3917349.2146399/D=egroupmai l/S=:HM/A=1267611/rand=189333636> To unsubscribe from this group, send an email to: CitrixCanada-unsubscribe@xxxxxxxxxxxxxxx Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service <http://docs.yahoo.com/info/terms/> . *********************************************** Visit Jim Kenzig of thethin.net at the Emergent Online Booth #26 at Citrix Iforum 2002! Register now at: http://www.citrixiforum.com/registerNow.html *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm ********************************************************************** This email may be confidential and/or privileged. Only the intended recipient may access or use it. Any dissemination, distribution or copying of this email is strictly prohibited. If you are not the intended recipient please notify us immediately by return email and then erase the email. We use virus scanning software but exclude all liability for viruses or similar in any attachment or message...,..,..,. ********************************************************************** *********************************************** Visit Jim Kenzig of thethin.net at the Emergent Online Booth #26 at Citrix Iforum 2002! Register now at: http://www.citrixiforum.com/registerNow.html *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm