RE: Citrix Client Access Verification

From: Robert Collins (robert.collins@itdomain.com.au)
Date: 09/24/01


Subject: RE: Citrix Client Access Verification
Date: Mon, 24 Sep 2001 12:57:11 +1000
Message-ID: <EA18B9FA0FE4194AA2B4CDB91F73C0EF08F1BC@itdomain002.itdomain.net.au>
From: "Robert Collins" <robert.collins@itdomain.com.au>
To: "sween" <sween@modelm.org>, <vuln-dev@securityfocus.com>


> -----Original Message-----
> From: sween [mailto:sween@modelm.org]
>
> Your professional opinions are appreciated.
>
> About a month ago I had posted the below as a Citrix Client Access
> Advisory and got several responses to the fact that either it was not a
> valid vulnerability or that it was a default configuration problem,
> which may be true.
>
> But consider this. The "only allow users to launch published
> applications" checkbox only works in an environment when you are only
> serving published applications and not in an environment where you are
> serving desktops AND applications. You can visually tell by the

This is not correct. You can serve desktops _as_ published applications
simply by serving "explorer.exe". Then you can turn on the checkbox for
"only allow users to launch published applications". IMO that does make
this a purely configuration issue.

Rob