Where does the PNA/online Plugin store the users credentials?, in the Client / End User Issues forum on BrianMadden.com

Reply

Dan Murray replied on Fri, Jan 21 2011 12:40 PM

rated by 0 users

These would be cached in memory.

Dan

Reply

Quee replied on Mon, Jan 24 2011 4:45 AM

rated by 0 users

That is not what I had in mind. What I need to know is where the PNA client stores the users PW when checking save password.

Reply

Dan Murray replied on Mon, Jan 24 2011 9:51 AM

rated by 0 users

Look for APPSRV.INI.  I believe it is written in there in a hashed format.  Not very secure.

Dan

Reply

Quee replied on Tue, Jan 25 2011 5:04 AM

rated by 0 users

Unfortunately I don't see anything inside the appsrv.ini that could be indentified as the username or pw. Any other ideas?

The client version is 12.1

Reply

Quee replied on Tue, Jan 25 2011 5:09 AM

rated by 0 users

BTW here is the appsrv.ini, it is not showing anything interessting:

; Copyright 1998-2008 Citrix Systems, Inc.
;**********************************************************************
;**
;** APPSRV.INI - Application Server Configuration File.
;**
;** This file contains user settings which define application
;** servers and other preferences.
;**
;**********************************************************************

[WFClient]
Version=2
LogFile=C:\Program Files\Citrix\ICA Client\wfclient.log
LogFileWin16=wfcwin.log
LogFileWin32=C:\Users\username.DOMAIN\AppData\Roaming\ICAClient\wfcwin32.log
LogAppend=Off
LogConnect=On
LogErrors=On
LogTransmit=Off
LogReceive=Off
LogKeyboard=Off
Hotkey1Char=F1
Hotkey1Shift=Shift
Hotkey2Char=F3
Hotkey2Shift=Shift
Hotkey3Char=F2
Hotkey3Shift=Shift
Hotkey4Char=F1
Hotkey4Shift=Ctrl
Hotkey5Char=F2
Hotkey5Shift=Ctrl
Hotkey6Char=F2
Hotkey6Shift=Alt
Hotkey7Char=plus
Hotkey7Shift=Alt
Hotkey8Char=minus
Hotkey8Shift=Alt
Hotkey9Char=F3
HotKey10Shift=Ctrl
Hotkey10Char=F5
HotKey9Shift=Ctrl
Hotkey11Char=plus
Hotkey11Shift=Ctrl
Hotkey12Char=none
Hotkey12Shift=none
Hotkey13Char=none
Hotkey13Shift=none
DisableSound=Off
MouseTimer=0
KeyboardTimer=0
ColorMismatchPrompt_Have16_Want256=On
ColorMismatchPrompt_Have64K_Want256=On
ColorMismatchPrompt_Have16M_Want256=On
DosConnectTTY=On
ConnectTTY=Off
ConnectTTYDelay=1000
BrowserRetry=3
BrowserTimeout=1000
PersistentCacheEnabled=Off
PersistentCacheSize=30000000
PersistentCacheMinBitmap=8192
PersistentCachePath=C:\Users\username.DOMAIN\AppData\Roaming\ICAClient\Cache
UpdatesAllowed=On
COMAllowed=On
CPMAllowed=On
VSLAllowed=On
CDMAllowed=On
MaximumCompression=Off
XmlAddressResolutionType=DNS-Port
ICASOCKSProtocolVersion=-1
ICASOCKSProxyHost=
ICASOCKSProxyPortNumber=1080
SSLEnable=Off
SSLProxyHost=*:443
SSLNoCACerts=0
SSLCiphers=ALL

DesiredColor=2
ScreenPercent=0
DesiredHRES=640
DesiredVRES=480

Reply

Quee replied on Tue, Jan 25 2011 7:31 AM

rated by 0 users

I am quite sure that it is stored in the registry key HKCU\Software\Citrix\PNAgent. But I don't know which value it is.

Reply

EmilBeck replied on Tue, Jan 25 2011 9:26 AM

rated by 0 users

Well, ahem *cough* *cough* this is something to bear in mind when designing security and the PNAgent Client, if you check the save password box on the PNA login it will save a hashed copy of the password in  HKCU\Software\Citrix\PNAgent\Configuration Model and some stuff in the User model.  For me this is a security risk (I tested this about a year ago (12.xx), so not sure on the latest Clients), you can export the PNagent Subkey and import it onto another client and you have UserName PASSWORD and Domain.  Much better to use the Kerberos ticketed pass-through authentication.

An interesting exercise is to convert the Configuration Key to Plain text and see if you can find your password (in sequence).  Have had some interesting results!

--Emil

Reply

Michael replied on Mon, Feb 20 2012 12:30 AM

rated by 0 users

Thanks the  HKCU\Software\Citrix\PNAgent\User model 000 is the key needing to have the username removed from it.

Awesome answer and thanks.