← Back

CVE-2022-26355

nvd nist
Published: Mar 10, 2022Modified: Nov 21, 2024

JSON object

Loading...
4.4
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.8 / Impact: 3.6
Source: NVD

Description

Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration.

Affected (1)

Citrix
1 product
Federated Authentication Service
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Federated Authentication Service
From 7.17 to 10.6

Related CWEs

CWE-668
Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

Source: secure@citrix.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.