[THIN] Re: How widespread is the knowledge of this security loop-hole?
- From: "Steve Greenberg" <steveg@xxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Fri, 20 Aug 2004 21:32:35 -0700
I think your point is valid in the sense that default configurations can
potentially allow security risks. However, there are ways to limit and
control access which are perfectly acceptable. However, the point about
being able to allow/deny each individual drive is a really good one, this
feature should be added to the policy section of the CMC, it makes perfect
sense.
Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd. suite D8453
Scottsdale, AZ 85262
(602) 432-8649
(602) 296-0411 fax
steveg@xxxxxxxxxxxxxx
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Pedigo Michael-G17060
Sent: Friday, August 20, 2004 11:37 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] How widespread is the knowledge of this security loop-hole?
Hi All,
I was recently enlightened on what I consider a fairly major security
loop-hole in Metaframe...
Maybe the rest already know....
The wonderful feature of mapping your local hard drives.....you can also map
the network drives of the client via hidden shares...this could be really
bad...right???
I personally don't like security by obscurity.
I raised the issue to Citrix....but they didn't say much.
I suggested they modify the client and Management console to allow to
allow/deny each drive separately to tighten up this security risk.
Am I crazy or do you see where I am coming from?
Perhaps you might want to let Citrix know too...
Other related posts:
