Vulnerability in Citrix Workspace App for Windows allows password theft

Sicherheit (Pexels, allgemeine Nutzung)[German]Citrix is warning users since September 2022 about a vulnerability in its Citrx Workspace app. There are reports that Citrix SSON stored passwords in the process memory can be retrieved at the user level. Updates are provided in the December 2, 2022 update to close the vulnerability. However, it looks like the information is still accessible for administrator accounts.


I came across this issue via the following tweet, which Citirx discloses in the support post Impact of Citrix SSO storing sensitive information in user-level process memory.

Citrix Workspace App

Citrix seems to have received reports on Twitter claiming that users are able to retrieve passwords stored in Citrix SSON in process memory at the user level via a new Mimikatz module. After analysis, the vendor qualifies that this vulnerability probably only exists in the Citrix Workspace app for Windows if SSON (SIngle Sign On) has been enabled there on a device registered in the domain.

Citrix has released updated versions of the Citrix Workspace app for Windows with fixes that protect standard users from stealing passwords from the user-level process store without administrator privileges.

Citrix also recommends that its customers consider using Windows AppLocker and/or only run trusted software on their systems to mitigate any potential risk.


Benjamin Delpy points out in this tweet that an administrator can still retrieve all passwords with the current Mimikatz version.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *