Published: 10/03/2022 Updated: 18/03/2022

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 4.4 | Impact Score: 3.6 | Exploitability Score: 0.8

VMScore: 169

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Subscribe to Federated Authentication Service

Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration.

Vulnerable Product	Search on Vulmon	Subscribe to Product
citrix federated authentication service

An issue has been identified in Citrix Federated Authentication Service (FAS) which causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP)  ...

CWE-668 https://support.citrix.com/article/CTX341587 https://nvd.nist.gov https://support.citrix.com/article/CTX341587

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-26355

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect