CVE-2020-13998

** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:citrix:xenapp:6.5.0.0:*:*:*:*:*:*:*

History

01 Aug 2024, 13:42

Type Values Removed Values Added
CWE CWE-639

27 Apr 2022, 14:16

Type Values Removed Values Added
CWE CWE-200 CWE-203

Information

Published : 2020-06-11 02:15

Updated : 2024-08-04 13:15


NVD link : CVE-2020-13998

Mitre link : CVE-2020-13998

CVE.ORG link : CVE-2020-13998


JSON object : View

Products Affected

citrix

  • xenapp
CWE
CWE-203

Observable Discrepancy

CWE-639

Authorization Bypass Through User-Controlled Key