Citadel/UX uses an authentication key exchange process that is normally used to authenticate to Citadel/UX as an internal trusted program (IPGM). A vulnerability has been reported in the procedure Citadel/UX uses to generate the internal program authentication key: the affected server derives a low-entropy key that can be easily replicated. If exploitation succeeds, a remote attacker may authenticate with the affected server as a trusted program and consequently attain elevated privileges.